Security/Sandbox/2016-10-06

« previous week | index | next week »

haik

• bug 1307573 - Remove unused system.sb mach-lookups from OS X content sandbox
• bug 1307282 - Remove global file-read-metadata rule and unused macros from OS X content sandbox
• bug 1306508 - Whitelist the OS X $TMPDIR and reduce content process write access further

Steven's SandboxMirror kernel extension File system test

bobowen

• bug 1147911 - Use a separate content process for file:// URLs
  • Have the separate web content browser opening from file content, it's not navigating yet, currently debugging.
• bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError
  • Sandbox logging changed to try and help with this bug 1307375
• bug 1271890 - Crash in base::win::PEImage::GetProcAddress
  • Looks like chromium update might have fixed this \o/.
• Chromium code
  • Waiting on security team to decide who will take on the access.

gcp

• some iterations on broker patches for 32-bit bustage
• non-sandboxing work

handyman

• bug 1303361 64-bit Flash audio is not playing on Tidal
  • Tidal has come back with some technical details.
  • This is their audio-detection library (that is failing): https://github.com/scottschiller/SoundManager2
  • Unable to repro missing audio bug. This may become a priority.
• bug 1284897 64 bit Flash Player has storage permissions issues
  • WIP

jld

• The last of the broker patches is reviewed. (gcp) I have news for you...
• bug 1302891 (review) — allow mremap; needed for CFI
• bug 1288997 (review) — Blob IPC SendStream use-after-ActorDestroy bug

Roundtable

• Android?