Security/Sandbox/2016-08-04

From MozillaWiki

bobowen

  • bug 1287446 - Print progress dialog, [Cancel] button is truncated with long document title - fix landed, will request uplift
  • bug 1288021 - GMPs on a Network path not mapped to drive letter fail to load - uplifted to Beta
  • bug 1287426 - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112 - problem with USER_NON_ADMIN access token level, need to investigate further
  • bug 1288194 - [e10s] Some SVG images do not print - looking at this now, looks like an issue with DrawTarget recording/playback

Update on bugs prior to PTO:

  • bug 1287984 - Content process cannot open GPU process DIBs - landed
  • bug 1246505 - Let the Windows low integrity content sandbox ride the trains - landed

haik

  • bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - reading lots of code
  • bug 1288774 - Remove the OSX rule added in bug 1190032 for nsPluginHost::GetPluginTempDir - landed
  • bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regexes - working on

tedd

gcp

  • bug 1288410 - Extend SandboxBroker to allow adding paths
  • bug 1289718 - Construct a seccomp-bpf policy for file access on Linux Desktop
  • Same tracing of various AuditDenial calls from content (i.e. access(kate, X_OK))

jld

  • bug 1290343 — Landed; Widevine works on 32-bit Linux now.
  • bug 1290618 — Landed; Linux GMP processes don't crash in the “attach with gdb; sleeping for 300 seconds” thing
    • But they still get SIGTERMed for IPC reasons, because ???
      • TODO: file a bug for that
  • bug 1290633 — Landed; Linux GMP processes give crash dumps instead of infinitely nesting the crash handler
    • But we're still losing metadata; filed followup.
  • bug 1290896 - Crash in je_free | swrast_dri.so@0x438a90 (SIGILL crash)
    • Bisects to seccomp-bpf patch, but it's not SIGILL in jitcode or similar, so ???

roundtable

  • Should sandbox capability crashreport annotations be public?
  • Windows XP - Peter Dolanjski on the Fx team is apparently reevaluating this. Recommend that as many of us send feedback as possible. I already have.