Security/Sandbox/2017-11-09

« previous week | index | next week »

Alex_Gaynor

• bug 1414834 - reland of the print IPC fixes + refactoring print-selection to behave more like other printing code paths
• bug 1414936 - Extremely low frequency crash in printing; still don't understand the cause and no clue how to reproduce. Putting on hold ATM.
• bug 1415379 - Reviewed a change to which directories we allow read from in test. Code itself was fine, but I don't understand why it'd be affecting just one person and they hadn't noticed until now
• bug 1407693 - Don't create files in content process in the crashreporter

bobowen

• bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
  • Landed a couple more DLL blocks, going to try again on Beta.
  • I suspect we'll have to back-out the Alternate Desktop, some AVs (like Quick Heal AV's Browser Sandbox for 32-bit) give a perma-fail.
• bug 1366701 - Chromium sandbox update.
  • Patches up for review.
  • Separate blocking bug 1415569 filed to bump Win10 SDK requirement to 10.0.14393.
• bug 1403931 - USER_RESTRICTED for content.
  • Started looking at this, initial problem hit with the stack trace logging, which looks like it might have regressed.

gcp

• Blogging: https://5232577621384962517_d7c88e4cb8a2f81346cc67e564f18e51d0673fde.blogspot.com/b/post-preview?token=Xwo7o18BAAA.Rn-dEwax-jQyxfzrsa8XR8_6fhGviXJXa2s-S0ZOU-noRfIRjj_QmJjGiZhvvR_wjJfK8ffaAYleD0zg8qYe0w.iVnmDTPaUs-jPLn8uKGG-g&postId=3530243656651481638&type=POST
• bug 1386404 - The /tmp bug; rewrote, and rewrote, etc.
• TMPDIR replacement causes PulseAudio to fail: investigating - why was this not a problem before?!
  • jld speculates that this might be cubeb remoting connect()ing to the wrong path
• https://docs.google.com/document/d/183hUxiuavpc90aIxF771VOwU7EE9AKZalsIJOpQbVes/edit?ts=5a034e3a

haik

• bug 1393259 - Tighten font rules in the Mac content sandbox
  • Got MacOSFontEntry::GetFontRef() remoting through the parent
  • but that's not sufficient so still debugging which other code paths need it
  • Have you seen {Bug|1412090]} }Some Fonts Display as Blank due to content-process sandbox

jld

• Landed various things from last week (syscall arg size, inotify regression, sched_get_priority_m*)
• bug 1386404 - The /tmp bug; reviewed, re-reviewed, etc.
• Investigated/discussed the problem with ProfD/features and Cliqz
  • Found that it's just "features" and we probably won't have an endless series of surprises like this from system add-ons
  • Not sure what's going on with bug 1376814 now — if system add-ons were never in ProfD/extensions, then ????
• Discussed possibility of executable memory restrictions on Linux
  • Could theoretically work but would be difficult — no way to inject mappings like Windows maybe(?) can
• Looked at the patches on bug 1366701 (chromium update) but not the 700 kB of upstream changes, yet.
• IPC: took a stab at bug 1245239, to answer needinfo on bug 1410363

handyman

• bug 1382251 - Brokering https in NPAPI process
  • basically ready for review
  • dll interceptor failures
    • looking into removing/restricting a few of the APIs
• planning a quick list of the issues with hardening NPAPI

Round table

• Bug 1192921 - Create a new install location for system add-ons (features sub folder)
  • Bug 1415832 - Sandboxing whitelist for $PROFILE/features
• Bug 1401721 - Crash in mozilla::dom::ContentChild::~ContentChild (can we close this?)
• Desktop release notes only mention Linux sb improvements - want to add mac/win?
• Interesting and well-commented part of a ChromeOS exploit chain that they paid 100k USD bounty for:

   https://chromium.googlesource.com/chromium/src/+/c050720e317e5223bcbdcaafb816befa789ceaa9%5E!/