Security/Sandbox/2015-07-02

From MozillaWiki


Windows

  • Content Sandboxing
    • bug 1169208 - set up low integrity temp off main thread - have a patch for this, but it doesn't seem to make a difference on Talos. Need to change the whitelist to allow wildcards for the shutdown test failures.
    • bug 1171796 - MOZ_LOG() and stderr from the child process are not written to the log file - patch to add a policy rule for the file is nearly ready.
    • bug 1156742 - print to XPS with low integrity sandbox - after talking to jrmuizel at Whistler, using EMF files sounds like the simplest solution for Windows, and it may not make much difference from a cross-platform point of view.
  • GMP Sandboxing
    • bug 1177594 - Use a USER_RESTRICTED token level on GMP process when integrity levels are available - landed.
  • NPAPI Sandboxing
    • bug 1123759 - Set low integrity on NPAPI processes - posted to dev-platform, haven't heard of any issues yet. Also just requested in the bug that an Adobe QA person test with their test suite. I'll look at uplifting to beta next week. Then we need to think about whether we turn it on by default for 40.
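The Windows items above all hinge on the same mechanism, Mandatory Integrity Control: a process whose token carries the Low integrity label cannot write to objects labelled Medium or higher (the default for a user's %TEMP%), which is why a "low integrity temp" has to be created and labelled explicitly before the content process can use it. The following PowerShell is an added illustration, not Mozilla's code and not the patch from bug 1169208; the function names are assumptions chosen here. It reads the integrity level of the current process from its token and creates a directory whose mandatory label is Low, so that a low-integrity child process is allowed to write into it.

```powershell
# Added example (not Mozilla code). Requires Windows Vista or later and the
# built-in icacls.exe. Function names are this example's own.

function Get-CurrentIntegrityLevel {
    # whoami /groups lists the token's Mandatory Label as a group of type
    # "Label"; the level is the RID of the well-known SID S-1-16-<RID>.
    $rows  = whoami /groups /fo csv | ConvertFrom-Csv
    $label = $rows | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
    if (-not $label) { throw 'No mandatory label found in the current token' }
    $rid = [int]($label.SID -replace '^S-1-16-', '')
    # Well-known integrity RIDs (decimal): 0 untrusted, 4096 low, 8192 medium,
    # 8448 medium plus, 12288 high, 16384 system.
    switch ($rid) {
        0     { 'Untrusted' }
        4096  { 'Low' }
        8192  { 'Medium' }
        8448  { 'MediumPlus' }
        12288 { 'High' }
        16384 { 'System' }
        default { "Unknown($rid)" }
    }
}

function New-LowIntegrityTemp {
    # Creates a fresh directory under %TEMP% and labels it Low. (OI)(CI) make
    # the label inherit to files and subdirectories created inside it; the
    # default NW (no-write-up) policy then permits writes from a Low process.
    param([string]$Path = (Join-Path $env:TEMP ('low-' + [guid]::NewGuid())))
    New-Item -ItemType Directory -Path $Path | Out-Null
    & icacls $Path /setintegritylevel '(OI)(CI)L' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
    $Path
}

function Test-LowIntegrityLabel {
    # icacls prints an explicit label as
    #   Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)
    # Directories without an explicit label print no Mandatory Label line and
    # are treated as Medium, which is exactly the case a Low process trips over.
    param([Parameter(Mandatory)][string]$Path)
    $out = & icacls $Path
    ($out -join "`n") -match 'Mandatory Label\\Low Mandatory Level'
}

# Usage: show where this shell runs, then create and verify a Low temp.
Write-Host "Current process integrity level: $(Get-CurrentIntegrityLevel)"
$lowTemp = New-LowIntegrityTemp
Write-Host "Low-integrity temp: $lowTemp (labelled Low: $(Test-LowIntegrityLabel $lowTemp))"
```

Run from an ordinary (Medium) shell; a UAC-elevated shell reports High. The check in Test-LowIntegrityLabel is the one a practitioner wants when a sandboxed child fails with ERROR_ACCESS_DENIED on a path that looks writable: the DACL may grant access while the missing Low label still denies it.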


Cross Platform

  • Camera Access Sandboxing
    • Addressing review comments from jesup and bent
    • Queue/circular buffer for shared memory to avoid video frame capture
    • IPDL changes suggested by bent


  • Whistler Roundup: Discussion of the high-level security impact of sandboxing
    • dveditz pointed out that sandboxing doesn't stop vulnerabilities, it stops exploits (i.e., you can still take over the process; it just limits what can be done after that and how)
    • General reminder that code execution in the sandbox is still UXSS (just not the entire system principal)


Round Table

  • The fate of audio remoting (and GPU remoting).
    • Windows won't want audio remoting until GPU remoting is also possible.
    • GPU remoting will eventually happen (we think), but timetable might be on the order of years.
    • On Linux, as discussed previously, audio device access is difficult to accommodate in a sandboxed process (especially with PulseAudio), but this needs more investigation.