Security/Sandbox/2014-09-25

« previous week | index | next week »

25 September 2014

Standup/status

• Windows sandboxing
  • GMP/OpenH264/EME
    • Work ongoing in bug 1066326 to pre-load system DLLs specified by the EME plugin
  • Content
    • Bug 1067301 - add --content-sandbox option - landing
    • Bug 1067312 - create low integrity TEMP at start - landing
    • Bug 1068000 - add chrome.* pipe rule to policy - landing
• Linux
  • socketpair bug: waiting on upstream; will shortly stop waiting
  • Telemetry incident:
    • Beta is unrepresentative
    • …but we should improve the UX a litlte, like hiding from about:addons
  • User namespaces: we're up to ~2/3 of Desktop. Thanks, Ubuntu!
• Testing
  • need test plugin in tree that makes same API calls as Adobe CDM
  • need (preliminary builds of) Adobe's CDM
• EME
  • eflores has decrypt-only ClearKey CDM for shipping
  • cpearce has an example decrypt+decode CDM for sharing with partners
  • eflores will patch his in-tree ClearKey CDM to call the APIs that Adobe's CDM will
  • QA will want a malicious CDM to test the sandbox.
  • Do we need test machines with monitors?
  • QA may need to run manual tests with monitors if we can't automate it
  • need downloadable Plugin Host (without XUL) but not for Windows release
  • sandbox voucher for statically-linked XUL in plugin container?
  • what parts of libxul does the plugin host need?
  • Output Protection?
  • preloading relevant Windows DLLs in sandbox seems to work

Round table

• Q4 goals: EME and content sandboxing: Windows, Mac, and Linux

Actions

• Tim to schedule a meeting with gcp and jesup about WebRTC and content sandbox
• eflores will patch his in-tree ClearKey CDM to call the APIs that Adobe's CDM will
• cpearce will ask Adobe:
  • for preliminary CDM builds
  • how they feel about plugin host dynamically loading libraries (like libxul) for sandbox vouching