- bug 1287426 - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112
- bug 1259601 - Add sandbox status to about:support (added security.sandbox.content.level for all OS)
- uplifted to Aurora
- bug 1259087 - Add Windows sandboxing information to Telemetry (added security.sandbox.content.level to environment for all OS)
- landed and uplifted.
- bug 1301034 - Log when non-static file policy AddRule calls fail in Windows SandboxBroker
- this is for GMP problem diagnoses mainly, I'll pick up this week.
- Started looking at a separate process for file:// URLs, have rough understanding of the js/c++ code associated with this now, nothing working yet. Need to find an appropriate bug to take.
- Currently at the WW in Berlin (somewhat limited in my time)
- bug 977786 - reviewed nsProfileLock test
- bug 1289718 - Construct policy - looking at patches from :gcp for review (not quite done yet)
- bug 1104619 - Remote audio - making some progress
- bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - working on code review feedback
- bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's - re-review done, should be ready to land today
- bug 1299329 - Remove printing-related privileges from content process sandbox - testing with things that sound print-related removed
- Reviewing patches for bug 1289718
- Finished up filesystem broker (bug 1289718)
- Reviewing XRemote patches
- Updated desktop
- bug 1251202 - Implement Default Audio Device Notifications for NPAPI plugins on Windows
- At the testing phase
- Might have made a few funky architectural decisions to clean up
- bug 1241250 - Prezi frozen at loading on fresh profile with latest Nightly 64 bits
- Just in : Looks to be fixed downstream by Prezi...
- bug 1299611 - Adding policy rules to the Windows sandbox can cause a buffer overrun
- Passed to Chromium to be patched upstream
group update from the security team (Summary)
- manual auditing message manager
- Investigating options to write a fuzzer to test message manager
- Auditing IPDL
- Starting manual review process
- Need to prioritize getting chromium fuzzer ported to give the ability to test firing specific IPDL from child to parent
- File Usage Investigation
- lldb/scripting based approach to dump file usage (names and stack traces)
- kate has wrote some scripts which can be used to help investigate file syscall usage (dump stacks/filenames from lldb). Private repo for now (WIP, contact for access) will publish in the future.
- Findings collected in https://docs.google.com/a/mozilla.com/spreadsheets/d/1hYJ_6YooHqISteeObO2kq_ywQxkHYl5PMVRbxI1jBFE traces tab (in progress)
- Closer to complete security model
- Still some specific areas outstanding (TLS, addons esp. addon SDK notably)
- publish to wiki and integrate with existing content
Maintaining a secure sandbox
- point of a approval for landing?
- sandbox changes
- architectural changes which impact sandbox (e.g. changes to remoted APIs which move security boundaries)
- continue auditing the code to determine if gecko parts conform to security model
- First pass of IPDL audit, complete message manager audit
- engage additional resources to get chromium fuzzer work started
- fuzzing is working on fuzzer for message manager (aim to complete this month)
- get the security model up onto the wiki
- bug 1186187 - SandboxMirror kernel extension to help reverse engineer Apple's sandbox implementation