Security/Sandbox/2017-04-27

« previous week | index | next week »

haik

• bug 1334550 - Proxy moz-extension protocol requests to the parent process
  • Posted for review, will add comments describing security strategy
  • https://treeherder.mozilla.org/#/jobs?repo=try&revision=fbc8e77ebced045b3f48536971fc055aa769a466
• bug 1360223 - Test dom/plugins/test/mochitest/test_bug406541.html fails without home directory read access
  • New bug to be resolved before removing read access
• Removing /private/var
  • Clean on try, but hitting some printing issues, recorded stream written to /private/var

bobowen

• bug 1360029 - Crash in TppCallbackCheckThreadAfterCallback
  • Low level crash - looks like this is the sandbox.
  • Haven't tried to reproduce yet (windows profile on network drive).
  • Asked for mozregression as seems to be fixed in Nightly.
• bug 1332122 - Navigating to file:// URLs times out in Marionette if loaded in an al
  • Just come up seems to be remote process switching related.
• bug 1358964 - Temp folder is not deleted on exit -> dparks
  • Problem when using profile manager and GPU on Fx55, we now create content temp, but don't delete it.
• bug 1336657 - Firefox 51.0.1 prints only blank pages
  • Looks like some people still don't have write access to their LocalLow dir.
  • Waiting for logging from user, might just need to add in a rule as a catch-all.
• bug 1359021 - [e10s] Named popup window is opened in duplicate when open it from file: protocol
  • Looks like it will be fixed by bug 1351358.
• bug 1351358 - Can't submit form to http(s) URL using POST method from a file:// page
  • After a bit of a fight with session history this is pretty much there.
• bug 1347921 - php _post sometimes blank
  • Turned out to be a duplicate of bug 1351358.

handyman

• bug 1357489 - Flash on Windows save file dialog permissions issue
  • Originally fixed in bug 1284897 -- which is also rebusted
  • Looks like the DLL Interceptor failing to hook methods.
• bug 1347710 - GPU Sandbox
  • no longer uplifting
  • Breaks webvr drivers

gcp

• Bug 1308400 - Construct a file broker policy for default-deny read access on the Linux Desktop
• Patches up, need review (tricky cases with relative paths?), yellow on try, investigating
• Some of the yellow is xpcshell tests
• WebRTC team wants to use epoll syscalls. Checked Chrome, seems ok there. Maybe review other rules against Chrome (and syscall arg restrictions)
  • See also bug 1343699, “Consider using poll() instead of libevent” (IPC)

Alex_Gaynor

• bug 1358223 - Hardcode the lowest allowed sandbox level to 1 (Yay!)
  • Initial patch done, need to go through :bobowen's review
• bug 1357846 - Failing test at sandbox level 3
  • Fix developed, checkin-needed!
• bug 1360223 - Another failing test at level 3

jld

• bug 1358647 - bind/listen/accept removal - is landing
  • This means bug 1358652 (xpcshell using sandboxing), or forcing a non-zero minimum in Gecko, will burn the httpd.js tests
• DBus
  • The WakeLockListener thing might have an easy solution and is now bug 1360069
    • jimm suggests comparing gtk+ wakelocks with other platforms; there's some disparity that might be significant
  • Others… not sure. ELF interposition isn't working (versioning? lazy loading? both?)
    • Note that it's used indirectly, e.g. via libatspi
  • xpcshell tests seem to have more problems, which, ???
    • But they don't cause test failure, just warnings.
• Fought the crash reporter for xpcshell test failures
  • Turns out a minidump_stackwalk from 2015 gets a little confused by modern symbols, so local “repro” wasn't.
  • Actual problem: CI seems to not be doing symbols right for xpcshell
    • I should file a bug.
  • (Actual crash cause: nullptr->Release(). This is why we have StaticRefPtr.)
    • (I could wonder why the shutdown crash was only an error for xpcshell...)

roundtable

• WebExtension native messaging clients don't come down with extensions, they have to be installed by a 3rd party installer
• <input type="file"> file access happens in the child process
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1344415#c21
  • FilePicker displayed in parent, sends back a PBlob(s) to content after user selects file(s)
• Changes in bug 1358223 make me think we should possibly have some sort of central SandboxSettings/SandboxConfiguration/SandboxPolicy class that held this logic. Instead of it being spread throughout the code. Maybe this could be cross platform.
• Bug 1359460 - WebVR does not present
  • GPU sandbox regression
• getting 'security.sandbox.logging.enabled' working for all child process types
  • (logging and the GPU process)
• read restrictions test planning
• Spreadsheet with chromium seccomp vs firefox seccomp:
  • https://docs.google.com/spreadsheets/d/12wk_5n5PDzgqXCjmCUnblsXw5QdR5gGYroBxtCrYVBU/edit#gid=841503896
  • "Testing stuff" tab
  • light green - enabled in chrome
  • darker green - enabled in chrome but restricted somehow
  • red - enabled in firefox but NOT in chrome
  • grayed out - NOT enabled in firefox
  • green or dark green highlighting but grayed out -> enabled in chrome but not in firefox