Security/Sandbox/2014-11-13

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Standup/Status

Windows

  • Content
    • bug 928044 - Windows content sandbox on by default with open policy - still waiting for review from bsmedberg - will ping in IRC
  • GMP/EME
    • bug 1098186 - to add read only access to \Dev\KsecDD. Believe that adobe plugin is using this to get random data.
    • bug 1094370 - move to using USER_LOCKDOWN - breaks some of cpearce's manual tests, need to investigate.

Linux/B2G

  • Sandbox info now shown in [about:support#sandbox].
    • add to telemetry and FHR, too?

Mac

  • Content
    • content process is trying to create surprising temp files, access IPC
  • GMP/EME
    • Waiting for Chris Pearce's patches at bug 1088848 to land, to make sure Mac GMP still works properly. Also waiting for Adobe to start work on its Mac CDM, and provide us a copy to test with.

All

  • Windows and Linux Chromium Sandbox merge:
    • Managed to get Windows working with very recent code, but ran into problems with Linux. Trying the merge again from July, which still has the particular Windows fix we want and hopefully won't have the same Linux issues.
    • Related: B2G GCC upgrade bug: bug 1056337
    • Need to get all the code to match the structure of the Chromium code afterwards, to aid future merging.