Security/Sandbox/2017-09-21

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

gcp

  • bug 1382323 Firefox 54 on Fedora 26 doesn't launch custom protocol handler
  • bug 1384804 Broken browser when running under a firejail sandbox

haik

bobowen

  • bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
    • Landed.
  • bug 1397301 - Crash in sandbox::SharedMemIPCClient::DoCall
    • Hopefully fixed by bug 1372823, probably wait to see if it re-occurs in Beta as it's fairly rare on Nightly.
  • bug 1385207 - Audio over RDP connections not working in 57
    • Decision to live with regression with workaround in 56.
    • Have a patch for automatically weakening sandbox, possibly this should be behind a pref.
  • bug 1400826 - [META] Tracking bug for Windows sandboxed process failed launches.
    • Start filing bugs for these, numbers are much lower now errors are once per session. It will be interesting to see what happens in Beta.
  • bug 1230910 - Get sandbox compiled with mingw-w64
    • Just a note that Georg Koppen, got a working version of Tor Browser with the sandbox enabled.

jld

  • Commented on bug 1386297, about ASan Nightlies and interaction with sandboxing
    • Considered trying to get LSan to work, but, just no. (Blocks SIGSYS with inlined sigprocmask, uses ptrace, …)
    • Suggestion: ASan Nightly uses ASan + sandboxing (we'd need to un-bit-rot and disable LSan by default), while tests use ASan+LSan
      • And minimal tests of ASan + sandboxing — mainly, don't break the crash reporting
  • FIled bug 1401062 for The Clone Thing, and a few others
    • Commented on bug 1151624 (pid namespaces) to update it and describe current direction
    • Filed bug 1401053 for pid namespace isolation for content
      • Once again, PulseAudio is a problem
    • bug 1401786 for cleaning up launch options
      • Still just guessing whether this might be useful on other platforms….
    • bug 1401790 to remove ProcessArchitecture (cross-arch NPAPI on OS X)
  • bug 1396542 - The mysterious Goobuntu bug is about /var/lib/dbus/machine-id, and our QA independently found it on Ubuntu 14.04 and Arch
  •  :jesup's fd exhaustion (is this one really our problem, or are we just the one "on top" of the stacks?)
    • The fd exhaustion isn't our problem, but we could, at least, print more useful error messages if it hits us.
      • (It's vaguely *my* problem, because IPC shmem is part of the problem and I'm an IPC peer.)
      • (Also there was a log message about an IPDL message losing attached fds, so maybe I should file a bug about that too….)
    • Filed bug 1401774 to suggest having the broker handle this more gracefully
    • Filed bug 1401776 against IPC to suggest raising the limit (but currently it's handled in Necko)


handyman

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Sandbox/2017-09-21&oldid=1182530"