Security/Sandbox/2014-09-04

« previous week | index | next week »

4 September 2014

Standup/status

• Windows sandboxing
  • Content
    • Bug 1018966 - Warn only sandbox - landed and backed out today. NS_StackWalk not available in all builds, so need to add some #ifdefs. Should land tomorrow.
    • Bug 1018988 - Temp directory - patch pretty much ready for review. Now creates a temp directory under AppData\LocalLow\Mozilla called MozTemp-{<UUID>} and sets the DirectoryService's TmpD to this. Also updates TEMP and TMP env vars. Removes directory on shutdown.
  • GMP/OpenH264/EME
    • Bug 1027906 - Increased sandbox security - Landed in time for merge, will likely be uplifted to Firefox 33 (currently Beta)
    • Received new info from Adobe (via cpearce) about APIs that are required to work from the EME plugin (Output Protection/HDCP APIs). Currently investigating making those work with the Windows GMP sandbox
• Linux/B2G
• Mac sandboxing
  • smichaud uplifted Mac sandboxing patches to the 33 branch. List at https://bugzilla.mozilla.org/show_bug.cgi?id=1012949#c110.
  • bsmedberg asked André about sandboxing the Firefox chrome process itself
  • GMP > EME > content process sandbox > chrome process sandbox?

Round table Actions

• blassey to create mailing list for sandboxing - service-now ticket create
• tabraldes or smichaud to forward email from cpearce RE Output Protection/HDCP