Security/Sandbox/2015-07-16

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Windows

  • GMP Sandboxing
    • Fix in bug 1184333, may point to the reason why the USER_LOCKDOWN token was causing problems on some systems (changed by bug 1177594).
  • NPAPI Sandboxing
    • bug 1180684 - Keyboard interaction for some games doesn't work with the low integrity NPAPI sandbox enabled - it's been decided this shouldn't block shipping the sandbox.
    • bug 1182411 - Flash settings menu doesn't work on windowless plugins with low integrity sandbox - this is because it still uses a window in the plugin process that has a window from the broker process as its parent, so the create fails. I have a working patch, need to do some more testing and then get review.


Linux/B2G

  • Content Sandboxing
    • bug 930258 (filesystem brokering, initially for B2G) has been un-bit-rotted and updated to current state of codebase; needs more work.
      • Found small bugs in Chromium and glibc in the process.
    • bug 1151632 (chrooting content processes to properly revoke direct FS access) proof-of-concept-ed.
  • Other Linux Work
    • Broke TSan builds (bug 1182565); patch will be small, but workaround (--disable-sandbox) is also small.
    • bug 1181704 (async signal safe logging) broke the static checking build for not using MOZ_IMPLICIT in imported code (see also below) and got backed out.


Cross Platform

  • Chromium Sandbox Code
    • bug 1183485 filed for not checking the Chromium code for MOZ_IMPLICIT.
  • nsWebBrowserPersist
    • The test breakage has been fixed.
    • bug 1179967 (not silently side-effecting the document) landed; 300 fewer lines of code to port.