Security/Sandbox/2015-07-30

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Windows

  • Content Sandboxing
    • bug 1156742 - print to xps with low integrity sandbox - PoC using in memory EMF and then handing back to real device when printing completed (all still in the Child process). Also done with temp EMF file. Need to look into pagination, which AFAICT is not supported in EMF. Chromium seems to suggest (in code comments) that it uses GDI comments to fake this, but I can't see the actual code. Also, need to look into the other EMF issues they've worked around.
    • bug 1171796 - MOZ_LOG() and stderr from child process are not outputted into log file - landed for NSPR, but needs a follow-up to fix absolute paths (bug 1189352). Also, filed follow-up for stderr console logging problem (bug 1189223).
  • NPAPI Sandboxing
    • bug 1185529 - Flash AS2 Key.isDown recently broken - patch up for review (just fix for protected mode).


Linux/B2G

  • Other Linux Work
    • pid namespaces are difficult
      • Shared code between parent/child that's required to be linked into plugin-container because DRM; might need a new subdirectory and even more build complicatedness to deal with it.
        • (Can we just get rid of plugin-container?)
      • Need an NSPR release; need to deal with cosmetic getpid()s; need seccomp tsync support; etc.
    • pid namespace separation is the one thing Chromium renderer processes have that GeckoMediaPlugins don't have yet (on Linuxes with unprivileged user namespace support; void where prohibited, etc.)


OS X

  • Content Sandboxing
    • Fixed bug 1175881, which required a minor change in the sandbox rules.


Cross Platform

  • WebRTC/OpenH264 Sandboxing
    • Adressing review comments.
    • Needs performance comparison for r+. Ran into a WebRTC bug.
    • Awaiting IPC protocol review.
  • nsWebBrowserPersist / "Save As"
    • Have review; changes being applied; should land this week.