Security/Sandbox/2017-07-13

haik

  • bug 1376496 - Follow-up fixes to moz-extension remoting support in 1334550
  • bug 1376163 - [10.13] No audio playback on YouTube, no audio/video on Netflix (macOS High Sierra 10.13 Beta)
    • In Nightly/Beta/Will uplift to Release
  • bug 1380141 - Running Talos locally on OS X results in crashed tabs
  • bug 1380132 - SSL info in url bar totally broken on mac nightlies due to sandboxing changes
  • bug 1379906 - Assertion and crash during startup when running Marionette tests

Alex_Gaynor

  • bug 1379182 + bug 1379803 - Restrict the write operations and types of files which can be created in the content temp directory
  • Win32k lockdown research!
    • Have scripts for capturing stack traces and aggregating and analyzing them
    • Collected a bunch of data, then realized I was missing a few hundred syscalls this morning, so need to rerun

gcp

  • bug 1379100 - Simplify symlink reversal by pretending they don't exist
  • Got an emergency branch if symlink handling stays an issue
  • Working on tests
  • bug 1380051 - Linux support for Shader Caches in Content Process

bobowen

  • Landed
    • bug 1377555 - Running from a symlinked network drive will fail with restricting SIDs.
  • bug 1366694 - Enable Windows level 3 content process sandbox by default on Nightly.
    • Got backed out because I hit more serious leaks of the same kind in tests that for some reason aren't run on try by default. Managed to reproduce though and get more logging, aklotz is working on the fix (bug 1379643).
  • bug 1314801 - Enable PROCESS_MITIGATION_IMAGE_LOAD_POLICY
    • Code for this is #ifed out in the chromium sandbox because it requires Win10 SDK. Looks like we can require that now; filed bug 1380609.
  • bug 1378377 - file:// URI sub-resources within CAPS whitelisted http pages will fail to load with read sandboxing - got distracted from this and managed to delete my patch :-(. Wasn't too big though, I'll pick this back up tomorrow and hope to get patches up.

spohl

  • busy with Quantum Flow work, particularly popup support in OOP WebExtensions (bug 1356317 & bug 1379940)
  • no sandboxing

jld

  • is out sick but at this meeting anyway
  • Trying to get some NSS stuff landed (bug 1329766)
  • musl libc stuff (bug 1376653)
  • Widevine stuff (bug 1372428) finished/tested/landed
    • Needs beta uplift…

handyman

  • bug 1334803 - XFinity login fails due to Flash sandbox
    • Landing and pushing to beta
  • Remoting Win32 network APIs in NPAPI process
    • Augmented DLL interceptor + tests to cover needed methods
    • Still researching Win32 APIs and their usage
    • Begun PluginModuleChild refactor to shrink the dumpster
  • Windows widget sec bug

gabor

  • Bug 1373660 - landed a preallocated process manager patch (prevents spawning a content process before first paint)
  • Bug 1376895 - working on a patch for activity stream (aboutnewtab is moved to the content process, side effect: preallocated process manager and preloaded browser collision)
  • trying to organise a meeting for content process memshrink - had some conversations with stakeholders

Round Table