Security/Sandbox/2017-08-17

From MozillaWiki

jld

  • bug 1382442 - GConf/bind(); there's an actual reporter now
    • I have a patch to disable GConf in content processes; I think that'll affect only WebRTC using HTTPS proxies
  • bug 1380051 - Shader caches
    • Assigned the Nightly NIS crashes to it
  • bug 1387742 - Mysterious Linux GL crash; the problem is /lib64
    • “When you hear hoofbeats, think of horses, not zebras.”
  • bug 1384986 - The DConf yak-shaving bug
    • Have review
  • bug 1383888 - restrict readlinkat
    • “Simple”, but Ubuntu doing major upgrades to Mesa in 16.04.3 was unhelpful
    • Also we might have other problems with libudev in the future; might need CentOS 7 or Ubuntu 14.04 on hand
      • netlink. Sigh.
  • bug 1380701 - link/symlink/rename
    • Found another not-quite-security bug; analyzed it
    • Landed, backed out for silly mistake, relanded

haik

  • Policy pruning
    • bug 1388580 - [Mac] Remove miscellaneous iokit open permissions
  • Font bug:
    • bug 1382260 - [mac] Sandbox blocks access to Linotype FontExplorerX font directory
      • Current approach is to allow read-access to files based on extension
      • Looking into GetSystemFontFamilyList() used on Mac
  • bug 1390346 - Redirects to moz-extension:-URLs fail when loaded from a xpi, but succeed when extension is unpacked

gcp

  • bug 1384804 Broken browser when running under a firejail sandbox
  • bug 1386826 Reftest and crashtest doesn't run locally on linux, after sandbox tightening
    • Still require srcdir
  • Looking through bugs making sure symlink handling is fine:
    • bug 1384718 WebGL doesn't initialize with Mesa 17.1 on Intel HD4600
    • bug 1387742 Experiencing Linux GL crashes ever since bug 1308400
  • There was some AMD (catalyst) specific bug with semaphores

Alex_Gaynor

  • win32k lockdown - integrating syscall recording with tests
    • No luck getting working stacks in API Monitor - posted to their forum, hopefully will result in a resolution
    • Taking a look at Event Tracing for Windows (ETW) - can be programmatically triggered, but not clear if it has events for win32k syscalls, or if you can get stack traces from it. (The docs are miserable)
  • bug 1229829 Alternate Desktop for Windows

handyman

  • bug 1382251 - Brokering https in NPAPI process
    • wip
  • bug 1366264 - RecvShowEvent failed to add children
    • Duped to a bug Eitan was landing

Round Table

When is the best time to un-whitelist $PROFILE/extensions? Use extensions.legacy.enabled?

[tom] Maybe an easy question: is it possible/easy to grant access to <stuff> on the fly for a content process?

  • Use case: Imagine a world where we have site isolation, and facebook.com doesn't have microphone access, so we sandbox it off for facebook's content process. Then the user grants mic access to facebook. Can we update the sandbox for that process?
  • Audio will be remoted so...
  • In general: we would want to remote access to <thing> and gate permission based on the [gecko permissions database] in the parent
  • Neat: camera IPC checks that at least one domain in content process has access to camera
  • [Bug 1177242] Video device access needs to re-verify UX permissions
  • Problem: content process can always pretend to be a domain (But with site isolation this ought to be fixable...)
  • History: B2G camera permissions: https://bugzilla.mozilla.org/show_bug.cgi?id=976398