Security/Sandbox/2015-01-15

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Standup/Status

Windows

  • Content Sandboxing
    • bug 1121028 - Crash during the content sandbox startup on 64-bit, couple of times on inbound and 5 crashes with the same signature on crash-stats. It is during the part where the broker process writes to the memory of the child process to patch in the function interceptions.
  • GMP/EME Sandboxing
    • bug 1094370 - USER_LOCKDOWN - this was failing because it attempts to create an activation context during the dll load, because the clearkey dll is a side by side assembly. Creating one for the dll before the sandbox is engaged seems to work but not sure how much of a hack this is.
    • bug 1121479 - turning on the initial process-level mitigations as recommended by Carlos from Chromium, these don't appear to cause any problems.
    • cpeterson: GMP sandbox security review: dougt and dveditz haven't recommended anyone for a Windows security review, so I'm going to follow up with Windows wizard dmajor to see if he has time to help.

Linux/B2G

  • Content Sandboxing
    • bug 1068838 (setting |value| on file input fields in mochitests) is basically done.
      • TODO: file followup bugs for SessionStore and maybe removing that use of the setter entirely.
      • (Convenient bonus: can remove skip-if=e10s from those tests now.)
    • bug 1034143 (the jar URL thing) has a patch that's suitably async and passes tests; needs cleanup and review.
  • GMP/EME Sandboxing
    • Debate continues over the fate of non-CONFIG_SECCOMP_FILTER kernels with respect to OpenH264.
  • Other Linux work

Mac

  • Content Sandboxing
    • Fixing last minute issues with 10.10 specific rules, testing etc
    • Following discussions with bsmedberg, content sandboxing will not be enabled on 10.6 to 10.8 until later this year when e10s is more stabilized. Too many things happen in the content process for now that should happen in the main process.
      • need to file bugs for the 10.6–10.8 issues?
  • GMP/EME Sandboxing
    • bug 1118827 (crashing GMP plugin), mentioned last week, turns out to be the result of a setting to deliberately crash the plugin.


Actions

  • cpeterson to follow up with dmajor about Windows security review.