Security/Sandbox/2015-07-16
From MozillaWiki
« previous week | index | next week »
Windows
- GMP Sandboxing
- Fix in bug 1184333, may point to the reason why the USER_LOCKDOWN token was causing problems on some systems (changed by bug 1177594).
- NPAPI Sandboxing
- bug 1180684 - Keyboard interaction for some games doesn't work with the low integrity NPAPI sandbox enabled - it's been decided this shouldn't block shipping the sandbox.
- bug 1182411 - Flash settings menu doesn't work on windowless plugins with low integrity sandbox - this is because it still uses a window in the plugin process that has a window from the broker process as its parent, so the create fails. I have a working patch, need to do some more testing and then get review.
Linux/B2G
- Content Sandboxing
- bug 930258 (filesystem brokering, initially for B2G) has been un-bit-rotted and updated to current state of codebase; needs more work.
- Found small bugs in Chromium and glibc in the process.
- bug 1151632 (chrooting content processes to properly revoke direct FS access) proof-of-concept-ed.
- bug 930258 (filesystem brokering, initially for B2G) has been un-bit-rotted and updated to current state of codebase; needs more work.
- Other Linux Work
- Broke TSan builds (bug 1182565); patch will be small, but workaround (--disable-sandbox) is also small.
- bug 1181704 (async signal safe logging) broke the static checking build for not using MOZ_IMPLICIT in imported code (see also below) and got backed out.
Cross Platform
- Chromium Sandbox Code
- bug 1183485 filed for not checking the Chromium code for MOZ_IMPLICIT.
- nsWebBrowserPersist
- The test breakage has been fixed.
- bug 1179967 (not silently side-effecting the document) landed; 300 fewer lines of code to port.