Security/Sandbox/2017-04-13


haik

bobowen

  • Fair bit of time getting bug 1329294 and bug 1347646 landed and into Beta.
  • bug 1344465 - Can't submit form using post method from WebExtensions or file:// page (related to bug 1347921?)
    • Working through scenarios for this, need to add a fair bit of testing.

Alex_Gaynor

  • bug 1355083 Made the macOS sandbox policies full constant strings - landed.
  • bug 1294641 Make it possible to deny read access to $HOME by whitelisting the source location for non-packaged builds
    • Works locally, still figuring out what the design-correct way is to detect non-packaged and the source location.
  • bug 1354678 - Moved macOS sandbox policies from c-strings to files - not really started

gcp

  • PTO
  • bug 1308400 Debugging read policy with symlink handling

jld

  • Nobody had triaged the SIGSYS crashes in a while; I did.
    • Filed a bunch of bugs; have patches for some
    • bug 1354731 - GPU driver mknod; landed
    • bug 1355274 - Pulseaudio libasyncns socketpair; have patch, tested
    • bug 1325242 - Did needinfo (sandbox problems via GConf -> ORBit -> utime)
    • bug 1294528 - The JAR bug is back
    • bug 1355270 - fstatat(2) <- ftw(3) <- ?????
    • Possibly more I'm forgetting, but they're all linked to crash signatures.
  • Picked up some minor bugs that had been annoying me; did patches; sent to try

roundtable

  • Telemetry for Linux?
    • It's working, but need to select “Don't Sanitize” to see any data
    • Some of it is also on crash-stats, but not all of it
    • msgsnd: We allowed msgget (bug 1285902) but nothing else, so the process can create message queues but not use them.
      • And that bug is old enough that the crash reports have expired, so we don't know *what* was using message queues