Security/Sandbox/2014-11-20

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Standup/Status

Windows

  • Content Sandboxing
    • bug 928044 - Still waiting on reviews to land the weak content sandbox
  • GMP/EME Sandboxing
    • Working on tightening the GMP sandbox, in particular bug 1027902, but that requires bug 1041775.
    • bug 1098186 - Adobe say they have used another way to get entropy and no longer need \Dev\KsecDD
    • Sent an email to Justin Schuh over the GMP Security review - bug 1066855.

Linux/B2G

  • Content Sandboxing
    • Needs some work. Issues found with a try run: audio drivers, DBus?, …
    • (Crash reporting on x86 desktop is not as nice as I'm used to on B2G.)
  • GMP/EME Sandboxing
    • Sandbox move to plugin-container: ready for review. bug 1101170
  • Other Linux work
    • Next up: scary change to Linux sandbox startup. bug 1088387

Mac

  • GMP/EME Sandboxing
    • Mostly waiting for a CDM binary from Adobe to test with. Realistically we don't expect that before 2015.

Chromium

  • bug 1041775 - Landed update (to 25/7/14) of chromium sandbox code, but just backed out because of Windows PGO bustage.

EME

  • cpearce has ClearKey CDM working with MSE in Nightly.
  • Windows node id landed
  • extending ClearKey CDM to use WMF platform decoders
    • Edwin's bug 1075199
    • have automated gtests
    • cpearce's out-of-tree plugin is not up to EME spec, but is useful for CDM partners because it is a standalone build.
    • someone on the media team (other than edwin) can extend ClearKey CDM to support OS X decoding APIs. OS X native APIs are not that useful to test because Adobe bundles their own SW decoders for OS X and Linux.
  • do mochitests download OpenH264 plugin??
    • No. The H.264 mochitest uses the "fake" plugin in dom/media/gmp-plugin (which isn't actually an H.264 implementation; it's just to test that the negotiation/infrastructure works). It's also marked as being an EME CDM, which is why it fails on Linux if sandboxing isn't supported; the real OpenH264 works fine.

Round Table

  • The next Pwn2Own is 2015-03-18 and will probably test Firefox 36. Are there any sandboxing related changes, independent of e10s, that we want? The Nightly 36 merge date is end of next week.
    • No