Security/Sandbox/2016-03-03

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Windows

  • Content Sandboxing
    • bug 1245309 - D3D11CreateDevice fails with E_FAIL in sandbox - another repro, but still not confirmed if same people have problem in chromium gpu process - dvander/mchang to check next week.
    • bug 1253247 - Attempting to print silently from the child causes a crash as there is no RemotePrintJob - patch up for review.
    • {bug|1189846}} - Print Edit 15.10 and bug 1236015 - Windows 10 print to PDF bug - looking through how more of printing works to work on fixes for these. In particular print progress and not accessing print devices in the child.


OS X

  • Content Sandboxing
    • bug 1237847 - [e10s] Null deref crash when running test_pluginstream_newstream.html -- Landed


Cross Platform

  • Content Sandboxing
    • bug 1236108 - Sandboxed tmp paths need to be hooked up to system APIs to be picked up by crash reporter -- Under review
  • WebRTC/OpenH264 Sandboxing
    • bug 1207431 Intermittent leakcheck | default process: 600 bytes leaked (CondVar, Mutex, nsRunnable, nsTArray_base, nsThread, ...)
    • bug 1252647 New: Intermittent e10s LeakSanitizer | leak at NewPage, nsEventQueue::PutEvent, take, nsThread::PutEvent
    • bug 1249365 Latest Nightly 47.0a1 breaks Hello - No camera/microphone found
  • Chromium IPC Code
    • bug 1236358 - Picked up this bug
    • bug 777067 - (fuzzing-ipc-ipdl) Fuzzing: IPC Protocol Definition Language (IPDL) Protocols -- Investigating the unfixed bugs this still depends on -- Hard to tell the impact of instances of assertion failures, need non-debug analysis/testing

Round Table

  • Can we shift this meeting back to the top of the hour?
  • Are environment variables the best way to allow the sandbox to be turned off/weakened for testing? Chrome uses and command line switch I believe.
    • We're using JS prefs right now no? (Minus the DEBUG_CONTENT mess)
    • Clarified this is about pref to allow lowering sandbox protection
  • Child writable prefs.
  • Tracking Proposal
    • Whiteboard tags
      • sb+ = bugs we don’t want to lose track of but do not block: test failures, future, bugs we can’t reproduce, etc.. Will eventually be re-triaged before a rollout.
      • sb- = not tracking: unrelated to core goals, b2g specific
      • sb(o)(p)1 through sb(o)(p)n = sandbox release milestones. individual sandbox milestones (OS - o = w - Windows, m - Mac, l - Linux, Process type - p = c - content, g - GMP, n - NPAPI) that have different target dates. Simply a way of generating a list of bugs that block a specific sandbox or feature rollout.
      • sb? = bugs that needs to be triaged by the team on a weekly basis (tb replaced with plat-int tracking flag at some point)
      • meta: good general organizational bugs, need to make sure they are tagged with ‘meta’ so we can filter them out of buglists.
    • platform info: set appropriate platform information on individual bugs (win, mac, linux, all)
    • block goals tied to trains to keep the momentum.
  • Define two starting milestones for each platform:
    • Windows (content)
      • sbwc1 - Let the level 1 (low integrity) sandbox ride the trains
      • sbwc2
    • Windows 64 (NPAPI plugin)
      • sbwn1
      • sbwn2
    • OSX
      • sbmc1 - example: Enable basic sandbox on Nightly?
      • sbmc2
    • Linux
      • sblc1 - example: Enable basic sandbox on Nightly?
      • sblc2
Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Sandbox/2016-03-03&oldid=1121302"