Security/Sandbox/2016-08-18

« previous week | index | next week »

bobowen

• bug 1287426 - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112 - problem with USER_NON_ADMIN access token level - uploaded a patch which makes the USER_NON_ADMIN token a restricted one with the same access, see what aklotz thinks of this work-around.
• bug 1259601 - Add sandbox status to about:support (added security.sandbox.content.level for all OS) - on inbound.
• bug 1259087 - Add Windows sandboxing information to Telemetry (added security.sandbox.content.level to environment for all OS) - reviewed waiting for feedback from bsmedberg for data collection review.

haik

• bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - it's working, but font nametable part not done yet
• bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's - in code review
• bug 1286480 - [10.12] Widevine CDM always crashes on Amazon since upgrade to macOS Sierra - fixed on nightly and aurora

aklotz

• Re bug 1287426 - New COM MainThreadRuntime stuff is messing with sandbox impersonation token. I've asked Bob to experiment a bit more with how this interaction works.

gcp

• bug 1296309 Remove unused syscalls from the seccomp whitelist
• bug 1289718 - Enforce absolute paths for file access. r?tedd

Roundtable

• bug 925471 Dedupe Chromium's base library in security/sandbox with ipc/chromium/src's copy
• OS X profile directory read/write protected, milestone1?
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1221148