Security/Sandbox/2018-04-05

From MozillaWiki


jld

gcp

  • bug 1434711 WebGL causes a crash with the AMDGPU-PRO video driver
    • Fixed
  • Reviews
  • bug 1129492 Firefox content process has a live connection to the X11 server.

Alex_Gaynor

  • IPC fuzzer
    • First sec finding!
    • It works!
    • Working on tuning it now (added a message-type blacklist to avoid generating messages that are known to crash)
    • bug 1450047 - updated in tree copy of libFuzzer
    • https://reviews.llvm.org/D45322 - upstream bug in libFuzzer
    • Going to get a patch up on phab later today and start breaking out all the random hacks I've layered around the codebase
    • Still a handful of design issues I need to cycle back on (e.g. some things MOZ_ASSERT because they expect to be on a worker thread)
    • Need to generate a coverage report and see what it looks like
    • There's a file descriptor leak I think

haik

  • bug 1437281 - OSX dragging image to desktop changes OSX File associations
    • Landed
  • bug 1448374 - Loading a .javascript file from a WebExtension's web_accessible_resources messing with macOS file associations
    • Landed
  • bug 1448161 - Firefox changes default .txt app from TextEdit to Console (OS X)
    • Probably a dupe of 1448374, need to confirm
  • bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process on Nightly
    • Landed, limited to Nightly
  • bug 1395504 - Infinite hang of web content process when parent process crashes...
    • Started trying to figure out what's going on here, need to understand more about how breakpad works in Mac Firefox

tjr

  • Working on Tor Network Planning w/ mcmanus
  • bug 1434316 MinGW x64 Build
    • Working on getting a debug build with symbols that _can_ run so we can figure out why it _doesn't_ run
  • Think I've agreed to implement SameSite Cookies....
  • Other small and various bugs

bobowen

  • bug 1449480 - Crash in logging::LogMessage::~LogMessage
    • Fallout from crashing where we're supposed to in the chromium sandbox code.
    • Had to change a CHECK to a DCHECK for now.
    • I've realised that the handle verifier in the chromium sandbox code isn't turned on in release for chromium.
    • Also when it is turned on they have hooks enabled to track all other handle closing.
    • I have a patch for this, should be up for review soon.
  • bug 1447019 - Use MITIGATION_WIN32K_DISABLE flag for GMP process.
    • Landed this but have had to pref it off for now due to intermittent test failures.
  • Continuing to look into the canvas code.

handyman

  • bug 1366256 - NPAPI sandbox level 3
    • should now be able to provision win10 loaner
  • bug 1436972 - Properly maintain audio session ref count
    • uplifted
  • 2 plugin sec bugs
  • bug 1446499 - FunctionHook::HookProtectedMode should be persistent
    • in review
  • bug 1450773 - Block restricting SIDs in plugin processes except in nightly
    • Weakened sandbox so that audio device changes are recognized
    • uplifted.
    • We can restore this at any time once Adobe fixes issues.
  • bug 1450708 - Crash in FunctionBroker
    • Looks like weird ConditionVariable behavior. Docs are too spare to know.

Round Table

  • Workday goals for Q1 not required
  • waiting on guidance from hr on what to do for Q2 and beyond
  • Windows cubeb audio remoting completion pushed back to end of Q3.
    • Wondering if this might block win32k lockdown switch
    • OSX recently turned on but backed out shortly after due to perf issues.
    • (Linux: audio remoting blocked network/socket isolation, without which we basically don't have a sandbox)
  • WebGL remoting discussion
  • Mac Nightly now using OOP Extensions
  • From Jeff Wednesday - "We can't quite bind right at webidl, since we need to work with some content-side objects like images and videos. We need a light marshalling layer there for objects anyways, I think. Most webgl webidl entry points will likely become shims though. I'll try to get you a starting point this week."