Security/Sandbox/2018-03-22

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

tjr

  • [Spectre] Timer Stuff
  • bug 1378552 Audited usages of NullPrincipal::Create for OA bypasses
  • Was thinking about Static Analysis for 'things one should be careful of.'
  • Disabled MinGW build on -central because of stylo
  • Going to spending a bit of time starting next week doing Fusion investigation (whoo!)
  • Updated the Security Wishlist Doc: https://docs.google.com/spreadsheets/d/1Yq-e-0psWVV1IiicAaWiSo1PByiIgIY8lxS_Y4BIN0w/edit#gid=0
  • Pwn2Own Doc
  • Think I found a contractor for OSX sandbox work
  • Updated the Third Party Library script for identify libraries we don't have checks for based off ThirdPartyLibraryPaths.txt (there are 43)

gcp

  • X protocol stuffs
    • turned into bug 1439875 stylo: Size the XUL window before starting layout.
  • bug 1438215 Sandbox breaks ATI fglrx driver
  • bug 1434711 WebGL causes a crash with the AMDGPU-PRO video driver
  • bug 1445664 Update firefox.js comments about Linux sandboxing. r?jld

jld

  • Sandboxing-related needinfos are handled, bugs filed, etc.
    • Wrote a SUMO article for the audio breakage.
  • Shared Memory
    • bug 1440199 - Remove named shared memory; landed
    • bug 1439057 - Have patches for blocking /dev/shm; need to fix non-remote audio and post
    • Also realized that using shm_open lets us delete (almost) all 1200 lines of file_util, and mostly have patches
      • …except for Android.

bobowen

  • bug 1445167 - Make chromium sandbox CHECK and LOG_FATAL messages crash the process.
    • Landed. Haven't seen anything on crash-stats yet. Might uplift depending on below.
  • sec bug.
    • I've been trying to reproduce, with no success.
    • Some idea that it might be helped by bug 1445167, but that would only make it safe, not explain what's caused it.
    • Might need to back-out some of the latest chromium update, but difficult to see which part might be causing it.
  • Bug 1447019 - Use MITIGATION_WIN32K_DISABLE flag for GMP process.
    • Seems to work OK once one initialisation call is removed from the child when GMP.

Alex_Gaynor

  • bug 1348361 - landed making process spawning non blocking
    • bug 1446900 - changed the way we fail when we can't spawn a child process
    • bug 1446161 - opportunity for making the most of this, follow up bug
  • filed a handful of IPC security bugs
  • Getting started on IPC fuzzing
    • Mostly understand the structure of IPC
    • Seem to have reached agreement with the fuzzing folks on the right strategy
    • Getting a dev env setup for fuzzing (requires a newer clang than what debian has)

haik

  • bug 1437281 - OSX dragging image to desktop changes OSX File associations
    • Got more codereview feedback
  • bug 1444291 - [Mac] Allow filesystem read access for the Flash sandbox so that file dialogs work
    • Landed on Nightly, sent dev-platform notice
  • Researching OS X dialog/security/sandboxextensions
  • bug 1432567 - [Mac] Add a test that renders fonts from non-standard directories
    • VPN issues really resolved now, reproduced failure on loaner, need to figure out how to just one one test
  • bug 1447570 - [Mac] Add tests for the Flash Sandbox
    • Started looking into

handyman

  • bug 1366256 - NPAPI sandbox level 3
    • opt test failure in automation due to sandbox
  • bug 1436972 - Crash in CLockedList::ForEachEntry
    • Believe this is a thread issue from the volume slider hack
  • bug 1445471 - Crash in EndpointHandler::Copy
    • uplifted to beta

Roundtable

  • Chromium is doing a trial of site isolation on their beta channel