Security/Sandbox/2015-09-24

« previous week | index | next week »

Windows

• Content Sandboxing
  • bug 1156742 - print to xps with low integrity sandbox - making progress on modifying Moz2D recording to work when not recording everything. Bit more work than I thought, but I'm now convinced this is the best approach all round. Then I need to work on using it for the actual printing. I think it should address the Print Edit bug bug 1189846, as well as being cross-platform.
    I also noticed that my current EMF solution doesn't work if I use a stronger sandbox policy, as I'm still using the existing HDC as a reference. That could probably be worked around, but it demonstrates that if we go with the temporary EMF fix, I could have to put a fair bit of effort into debugging and maintaining that.
  • bug 1173371 - Sandbox prevents Firefox from working from a network drive on Windows - this is a problem for Chrome as well, might be able to fix be giving read access to the DLLs in the binary directory from the broker.
  • bug 1207972 - Move to using USER_INTERACTIVE and JOB_INTERACTIVE - patch ready, hope to get reviewed and landed soon.

• Other Windows Work
  • GameGuard {{bug|1139497) - retested all sandboxed processes without issues while running two different games, including after update. So I've closed the bug.

Linux/B2G

• Content Sandboxing
  • bug 930258, the file proxy, finally has patches posted for review.

• Other Linux Work
  • Filed bug 1207790, about breaking the build on old kernel header versions, from a report on IRC.

OS X

• Other Mac Work
  • Fixes for e10 Shmem races

Cross Platform

• WebRTC/OpenH264 Sandboxing
  • Fixes for shutdown race in video sandbox

• nsWebBrowserPersist has more regressions: bug 1203602
  • One affects non-e10s but may not be worth fixing for 42 (comment #8)