Security/Sandbox/2016-12-15

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

bobowen

  • bug 1279699 - Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | std::_Allocate | std::basic_stringbuf<T>::overflow
    • Last patch was backed-out
    • New patch landed that uses separate file for each page
    • uplifted to Beta
  • bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError - (Applocker)
    • patches up for review
  • bug 1321522 - Crash in mozilla::gfx::RecordedScaledFontCreation::PlayEvent
    • fairly low level crash - null check with gfxDevCrash logging landed
  • bug 1319456 - fix landed and uplifted to Beta
  • bug 1321256 - Run firefox 50 from a network drive (not working anymore)
    • looks like this was down to using a restricted token (USER_RESTRICTED_SAME_ACCESS) as the initial token even when using USER_NON_ADMIN later which is not restricted.
    • fix landed, need to uplift
    • we need to think how this will work for when we are using restricted tokens, because then we have to use initial restricted token, as I understand it
  • bug 1322520 - Print Edit add-on can no longer print to PDF with landscape orientation
    • down to more printing weirdness, basically because the print device has to exist even when printing to PDF, which doesn't use a print device
  • bug 1316665 - Never ending spinners on a freshly installed Nightly 64-bit
    • content process is failing to start on VMs for this company when Firefox installed to AppData (because of no admin rights)
    • probably down to DLLs not loading, as we get no logs
    • hoped this would be fixed by bug 1321256 patch, but it isn't
    • asked them for VM set-up instructions so that we can reproduce
  • Closed off bug 1275813 and bug 1271890

haik

  • bug 1309394 - Introduce automated tests to validate content process sandboxing works as intended
    • Switched to using ContentTask.spawn
    • Talked to bsmedberg about c-types, recommended looking into using gtests with compiled code in libXUL
  • bug 1322370 - Disable camera access in the Mac content sandbox
    • Clean try run
    • Working on test that uses camera from content process
  • bug 1322716 - GMP Security bug
  • bug 1322024 - Remove com.apple.windowserver.active from the content process Mac sandbox

tedd

  • audio a little on hold - they are rewriting audio
  • also looked into the range enforcement for IPDL messages (talked about this in the sandbox meeting on friday in hawaii)
  • on PTO: 12/27/2016 - 12/30/2016, back to work on 01/02/2017

jld

  • (not much; I've been sick since I got back from Hawaiʻi)
  • Filed bug 1322506 for WebRTC poking at the network stack.
  • Filed bug 1322526 for a simplification (sort of) of how we deal with namespaces on Linux
  • Did a little investigating of what to do about getpid()

handyman

  • bug 1315325 - Add telemetry to measure use of NPAPI NPN Get/Post URL apis
    • bsmedberg raised doubts about the value of telemetry on these methods.
    • Suggestion seems to be that we can ask Adobe about how the API is used

(i.e. ask if file usage always comes from a temp file or if "broader" file support is required)

    • Goal is to determine if we can reduce API scope to eliminate attackable surface area
  • bug 1251202 - Implement Default Audio Device Notifications for NPAPI plugins on Windows
    • Tracked Adobe issue to calls made from the wrong thread
  • bug 1273091 - Mouse cursor does not disappear in html5 fullscreen video on Windows
    • Uplift to Beta
  • bug 1321493 - NPAPI sandbox is blocking Flash SecureSocket from using Windows certificate APIs on Win64
    • Deciding how to support this API
  • bug 1185472 - Only allow NPAPI HWNDs to be adopted by an HWND in the chrome process.
    • Simplified patch with suggestions from bobowen
    • in review