Security/Sandbox/2016-04-28
From MozillaWiki
« previous week | index | next week »
bobowen
- bug 1258609 - Crash while printing via parent with pdf.js , about:memory shows large heap unclassified - landed
- bug 1035125 - On Windows, plugin-container.exe is linked against the sandbox_s library twice - turned into a fight between crt allocation and jemalloc, had to get rid of all the crt static linking to keeping it working when compiled with VS2013 - nearly there.
- Looks like I've broken printing with the hidden pref print.always_print_silent in some circumstances on release. Waiting for new bug filed with some printing prefs from the user.
- Also realised while doing bug 1035125 the we can't have alternate desktop and winstation on GMP and alternate desktop and not winstation on content.
haik
- bug 1267453 - 1 line patch posted, add new hole in sandbox, working on confirming the Chromium plugin sandbox does the same
tedd
- bug 1176099 - gmain signal blocking - messed around with unit tests, finally landed today
- bug 1259508 - sys_clone violation - some discussion, seems like audio is no problem to do early init, get the feeling the same thing applies to the ProxyService, talk about remoting it
- bug 742434 - enable seccomp on nightly - still depends on 579388 (nsOSHelperAppService remoting), didn't run into problems there, do we still need to depend on it?
aklotz
- No sandbox updates this week
GCP
- Looking at Linux with MOZ_PERMISSIVE_CONTENT_SANDBOX
- Will try to set up basic policy that isn't all allow
- Sandboxing Telemetry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1187099
- Idea: could we fake the $profile dir we give to addons and move them under a subdir that we whitelist?
- Would require knowing which are "Firefox" files and which ones not so those aren't moved.
round table
- e10s and sandboxing update session
- meeting or session space in London?