Security/Sandbox/2017-01-26

« previous week | index | next week »

bobowen

• bug 1317293 - Add remote type match check to nsFrameLoader::SwapWithOtherRemoteLoader
  • Landed.
• bug 1317921 - Handle nested file URIs with the file content process
  • Patch nearly ready, just need to write a test as well.
• bug 1327942 - Browser can't load the page (urlbar and title twitch between 2 values) if it tries to access renamed local file
  • Landed.
• bug 1328829 - Can not open a local HTML file in a view-source tab
  • Patches up for review.
• Working on review for bug 1284897.

tedd

• bug 1329216 - crash on 'print' dialog
  • submitted a patch, having trouble testing the patch due to CUPS
  • patch builds and I can print to file, so that works
• bug 1325647 - automated bound checking for integers in IPDL
  • got feedback from :billm, cleaned up patch, asked for review
  • need to work on a strategy to get people to use it

gcp

• bug 1330326 Make sandboxing policy more configurable via preferences
• Slowly making actual progress on X11 proxy

haik

• bug 1332522 - [Mac] remove ~/Library read restriction from file content process sandbox
  • Patch ready for review
• bug 1333681 - [Mac] Level 2 profile directory read restrictions don't work for profiles in /var/folders
  • Need to resolve devtools test failures due to how they store files in profile dir
• bug 1329822 - file:// documents can't use <a download=foo.txt> to set a download name/force a download
  • Should have patch ready today

jld

• Assorted sandbox/IPC reviews
  • Filed / reviewed / gave slightly bad advice about bug 1332501
  • (and other bugs)
• bug 1286865, syscall reporting: added timestamps, some cleanup
• No bug yet: pref for crashing on rejected syscalls; mostly written, not tested
  • "security.sandbox.seccomp-bpf.crash-on-error" may need a different color of bikeshed paint

handyman

• bug 1284897 - 64 bit Flash Player has storage permissions issues
  • patches in review
• bug 1317735 - Consolidate env vars for logging
  • landed
  • Pref: "security.sandbox.logging.enabled" -- currently defaults to 'on'
  • Env var: "MOZ_SANDBOX_LOGGING"
  • Linux (still) doesn't support the pref security.sandbox.logging.enabled
  • uplift to aurora?
  • Write new patch to turn off by default on Windows

round table

• Triage linux sandboxing milestones
  • (sblc2) https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc2&list_id=13407265
  • (sblc3) https://bugzilla.mozilla.org/buglist.cgi?quicksearch=whiteboard%3Asblc3&list_id=13407284
• bug 1026867 - Does it still need to be hidden? Also we should “fix” it for desktop at some point, because we (probably) can.