Security/Sandbox/2016-07-14

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

bobowen

  • bug 1252877 - Add support for taking plugin window captures at the start of a scroll - most reviews in, part 2 updated following review.
  • bug 1273765 - Crash in mozilla::gfx::RecordedSetTransform::PlayEvent - patch up for review, but may well not be acceptable. bug 1285942 filed to deal with the crash more directly.

haik

  • bug 1274540 - Record sandboxing status in crash reports - patch on reviewboard
  • bug 1284291 - Add the 'com.apple.fonts' service to the sandbox profile. - Nightly/Sierra not stable for me right now

tedd

  • land/review patches for nightly bugs tracked by bug 1280415
  • updated wiki page for splitting up milestones/triaged current milestones

gcp

  • Firefighting seccomp landing
  • Approving patches

aklotz

  • bug 1285356 - Windows DLL blocklist bustage - r+'d just need to address any comments and land

Roundtable

(Brought up earlier) Linux stack unwinding:

  • Imprecise unwinding and no line info from system libraries is a problem for SIGSYS triage
  • Client-side stack walking is being worked on: bug 1280469
  • There are also some half-finished tools for scraping some distros' debug packages; :ted knows.
  • But the stack scanning data can be used as-is; might need tracking down packages and disassembling/RE.

Non-crashing bug reporting:

  • For deciding how to stop allowing syscalls later.
  • Need some kind of live stack walks
    • client-side breakpad mentioned above?
    • Background hang telemetry does… something.
    • _Unwind_Backtrace and hope there's no reentrancy?
  • Need a bug for this 1286865