Security/Sandbox/2017-10-05

From MozillaWiki


haik

  • bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names
    • Landed
  • bug 1403744 - [Windows] Whitelist the per-user extensions dir XRE_USER_SYS_EXTENSION_DIR
    • Landed
  • bug 1393805 - Changes for bug 1332190 broke temporary installations of legacy addons with framescripts
    • Backed out due to Mac failures, need to debug
  • bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules
    • Landed
  • High Sierra ESR/52 uplifts needed
    • bug 1392988 - Firefox 55.02 on macOS High Sierra (10.13) cannot play AES encrypted video
    • bug 1376163 - [10.13] No audio playback on YouTube, no audio/video on Netflix (macOS High Sierra 10.13 Beta)
  • bug 1398908 - Add automated test that uses nonexistent script from extension JAR file
    • Tests working for JAR files, not yet for unpackaged
  • bug 1404919 - Fonts don't display correctly since update due to content-process sandboxing on macOS
    • Font issue on release, missing some font types in extension whitelist

bobowen

  • bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
    • Reproduce the test failure, trying to diagnose now.
  • bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
    • For Webroot, only seems to crash when loaded very early, which partially explains why it's intermittent
    • Still a number of crashes on Nightly, going to expand the DLL list.
  • bug 1404681 - WebExtensions: tabs.saveAsPDF() throwing exception in Firefox 57.0b3 & 58.0a1
    • Problem seems to be due to the ordering of IPC message processing.

gcp

  • bug 1382323 - Firefox 54 on Fedora 26 doesn't launch custom protocol handler
  • Reviews
  • Adding support for reading ld.conf.*
  • bug 1387837 - Consider using /etc/ld.so.conf for creating the broker read access policy

Alex_Gaynor

  • bug 1380674 - [landed] Removing directory creation permissions from the macOS sandbox
    • bug 1405312 - [landed] Delete the dead code in NPAPI that used to create directories
  • bug 1319423 - [in dev] Change how we do print IPC to not create a temporary file from the content process
    • Removes either the last or second to last file creation in content process, in hopes of removing all write privileges!
  • macOS GPU process
    • Trying to understand how Chrome uses its GPU process, given the platform limitations -- answer seems to be "it does way less than the Windows Chrome GPU process does"

jld

  • bug 1401666 - The Mesa 12 / libudev bug: wrote patch, tested, landed.
  • bug 1404647 - Linux sandboxing vs. parent process exiting before content processes
    • Rust RNG (used by hash tables) panicking because of /dev/urandom
    • Will be “fixed” by changes in Servo
    • Also commented on bug 1405293 (same Rust stdlib code, but EINTR) while I was at it.
  • Confirmed that bug 1126437 (socket/connect) allows an easy sandbox escape.
  • bug 1405891 - split ioctl bug into blocking tty stuff (this bug) and moving to default-deny (original bug; will probably break on Nightly at least once)
    • TIOCSTI is a known issue for sandboxes (CVE-2016-9016)
  • The IPC cleanup train is rolling again
    • Landed bug 1397928: remove a few unused things
    • Posted patch for bug 1259852 - de-duplicate env code (& fix race on OS X)
    • Posted patch for bug 1316153 - remove B2G ChildPrivileges
    • Wrote patch for bug 1400061 - Mac close-on-exec thing (because it was easier to fix than avoid)
      • This one had a FIXME from a Chrome dev from April 2009, and was fixed upstream in August 2009
    • Wrote patch for bug 1401790 - Remove ProcessArchitecture (unused now; Mac 32-bit NPAPI)
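Added illustration for the TIOCSTI item above (not code from the Firefox sandbox, which builds its seccomp-bpf policy through Chromium's bpf_dsl rather than raw BPF): a minimal Linux seccomp-bpf filter that leaves every syscall allowed except ioctl(TIOCSTI), which fails with EPERM. TIOCSTI pushes a byte into the input queue of the terminal behind a file descriptor, so a sandboxed process that inherited the parent's tty can type commands into the parent's shell; denying that one request closes the hole without touching other ioctls. The filter, helper names and the pipe used as a non-tty fd are this example's own choices; it assumes Linux on x86-64, i386 or aarch64 (little-endian, so the request code is the low 32 bits of args[1]).

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumption: little-endian Linux on one of these architectures. */
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "example only covers x86-64, i386 and aarch64"
#endif

/* Older kernel headers lack SECCOMP_RET_KILL_PROCESS; fall back to the old name. */
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Install a filter that allows everything except ioctl(fd, TIOCSTI, ...).
 * Returns 0 on success, -1 (errno set) if the host forbids seccomp. */
int deny_tiocsti(void) {
    struct sock_filter filter[] = {
        /* 0: load arch; 1: jump over the kill if it matches; 2: kill otherwise */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3: load syscall nr; 4: not ioctl -> skip 3 to ALLOW */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 3),
        /* 5: load low 32 bits of args[1] (the request); 6: TIOCSTI -> EPERM, else ALLOW */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* no_new_privs is required to load a filter without CAP_SYS_ADMIN. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Attempt to inject one byte into fd's tty input queue.
 * Returns 0 if it worked, otherwise the errno (ENOTTY on a non-tty, EPERM once filtered). */
int try_tiocsti(int fd) {
    char c = 'x';
    if (ioctl(fd, TIOCSTI, &c) == 0) return 0;
    return errno;
}

/* Sanity check that an unrelated ioctl still passes the filter. Returns 0 on success. */
int try_fionread(int fd) {
    int pending = 0;
    return ioctl(fd, FIONREAD, &pending) == 0 ? 0 : errno;
}

int main(void) {
    int fds[2];
    if (pipe(fds) != 0) return 1;
    printf("before filter, TIOCSTI on a pipe: errno=%d (expect ENOTTY=%d)\n",
           try_tiocsti(fds[0]), ENOTTY);
    if (deny_tiocsti() != 0) { perror("seccomp"); return 1; }
    printf("after filter, TIOCSTI on a pipe:  errno=%d (expect EPERM=%d)\n",
           try_tiocsti(fds[0]), EPERM);
    printf("after filter, FIONREAD still works: %d (expect 0)\n", try_fionread(fds[0]));
    return 0;
}
```

Note the ordering: the filter rejects by request code before the kernel ever looks at the descriptor, which is why a pipe reports EPERM rather than ENOTTY once the filter is loaded. A production policy would instead default-deny ioctl and allow-list the handful of requests the process needs, which is the direction the second half of bug 1405891 describes; returning an errno rather than killing the process keeps unexpected ioctls from turning into hard-to-debug crashes while the allow-list is being tuned.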


Round table

  • Meta bug for all sandbox escapes
  • Should we have a meta bug for privacy-related things we'd like for 59 (-> ESR -> Tor)?
    • Or 58 for Pwn2Own?
    • Resolved: yes for 59/Tor (maybe one already exists?), no for 58/P2O.
  • Elective @ Austin?