Security/Sandbox/2015-05-21

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Windows

  • Content Sandboxing
    • bug 1162327 - MozTemp is not deleted - landed, although it required a couple of follow-ups, one landed, one waiting for review.
    • bug 1166669 - Enable process-level mitigations for the Windows content process sandbox - try push for this doesn't seem to introduce any new problems, will probably look at adding for level >= 1, so on by default in Nightly.
    • bug 1090454 - Trigger print jobs from the parent instead of the child - taking an initial look
  • GMP Sandboxing
  • NPAPI Sandboxing
    • bug 1165891 - NPAPI 64-bit sandboxing tracker
    • bug 1123759 - Set low integrity on NPAPI processes for Windows sandboxing policy - try build for this - has a positioning issue for windowed plugins (see below bug 1165903) and breaks some crashtests (bug 1165895), which I haven't looked into yet.
    • bug 1165903 - Windows Low integrity sandbox causes windowed plugins to be position at 0,0 - I have a "proof of concept" fix for this for non-e10s, will start looking at landing these patches and working on an e10s fix.
  • Other Windows Work
    • bug 1146874 - Firefox crash when sandboxed process start fails - uplifted to Aurora and Beta

Linux/B2G

  • Content Sandboxing
    • SysV IPC is horrible but we might not need to care. bug 1129492 comment #8 explains in more detail.
  • GMP Sandboxing
    • GMP not breaking inside Docker will soon be uplifted to Aurora 40.
  • Other Linux Work
    • bug 1055310 needed a lot of work from the old bit-rotted proof-of-concept patches, but is almost ready for review.