Security/Sandbox/2017-04-27
From MozillaWiki
haik
- bug 1334550 - Proxy moz-extension protocol requests to the parent process
- Posted for review, will add comments describing security strategy
- https://treeherder.mozilla.org/#/jobs?repo=try&revision=fbc8e77ebced045b3f48536971fc055aa769a466
- bug 1360223 - Test dom/plugins/test/mochitest/test_bug406541.html fails without home directory read access
- New bug to be resolved before removing read access
- Removing /private/var
- Clean on try, but hitting some printing issues, recorded stream written to /private/var
bobowen
- bug 1360029 - Crash in TppCallbackCheckThreadAfterCallback
- Low level crash - looks like this is the sandbox.
- Haven't tried to reproduce yet (Windows profile on network drive).
- Asked for mozregression as seems to be fixed in Nightly.
- bug 1332122 - Navigating to file:// URLs times out in Marionette if loaded in an al
- Just come up, seems to be remote process switching related.
- bug 1358964 - Temp folder is not deleted on exit -> dparks
- Problem when using profile manager and GPU on Fx55, we now create content temp, but don't delete it.
- bug 1336657 - Firefox 51.0.1 prints only blank pages
- Looks like some people still don't have write access to their LocalLow dir.
- Waiting for logging from user, might just need to add in a rule as a catch-all.
- bug 1359021 - [e10s] Named popup window is opened in duplicate when open it from file: protocol
- Looks like it will be fixed by bug 1351358.
- bug 1351358 - Can't submit form to http(s) URL using POST method from a file:// page
- After a bit of a fight with session history this is pretty much there.
- bug 1347921 - php _post sometimes blank
- Turned out to be a duplicate of bug 1351358.
handyman
- bug 1357489 - Flash on Windows save file dialog permissions issue
- Originally fixed in bug 1284897 -- which is also rebusted
- Looks like the DLL Interceptor failing to hook methods.
- bug 1347710 - GPU Sandbox
- no longer uplifting
- Breaks WebVR drivers
gcp
- Bug 1308400 - Construct a file broker policy for default-deny read access on the Linux Desktop
- Patches up, need review (tricky cases with relative paths?), yellow on try, investigating
- Some of the yellow is xpcshell tests
- WebRTC team wants to use epoll syscalls. Checked Chrome, seems ok there. Maybe review other rules against Chrome (and syscall arg restrictions)
- See also bug 1343699, “Consider using poll() instead of libevent” (IPC)
Alex_Gaynor
- bug 1358223 - Hardcode the lowest allowed sandbox level to 1 (Yay!)
- Initial patch done, need to go through :bobowen's review
- bug 1357846 - Failing test at sandbox level 3
- Fix developed, checkin-needed!
- bug 1360223 - Another failing test at level 3
jld
- bug 1358647 - bind/listen/accept removal - is landing
- This means bug 1358652 (xpcshell using sandboxing), or forcing a non-zero minimum in Gecko, will burn the httpd.js tests
- DBus
- The WakeLockListener thing might have an easy solution and is now bug 1360069
- jimm suggests comparing gtk+ wakelocks with other platforms; there's some disparity that might be significant
- Others… not sure. ELF interposition isn't working (versioning? lazy loading? both?)
- Note that it's used indirectly, e.g. via libatspi
- xpcshell tests seem to have more problems, which, ???
- But they don't cause test failure, just warnings.
- Fought the crash reporter for xpcshell test failures
- Turns out a minidump_stackwalk from 2015 gets a little confused by modern symbols, so local “repro” wasn't.
- Actual problem: CI seems to not be doing symbols right for xpcshell
- I should file a bug.
- (Actual crash cause: nullptr->Release(). This is why we have StaticRefPtr.)
- (I could wonder why the shutdown crash was only an error for xpcshell...)
roundtable
- WebExtension native messaging clients don't come down with extensions, they have to be installed by a 3rd party installer
- <input type="file"> file access happens in the child process
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344415#c21
- FilePicker displayed in parent, sends back a PBlob(s) to content after user selects file(s)
- Changes in bug 1358223 make me think we should possibly have some sort of central SandboxSettings/SandboxConfiguration/SandboxPolicy class that held this logic, instead of it being spread throughout the code. Maybe this could be cross platform.
- Bug 1359460 - WebVR does not present
- GPU sandbox regression
- getting 'security.sandbox.logging.enabled' working for all child process types
- (logging and the GPU process)
- read restrictions test planning
- Spreadsheet with chromium seccomp vs firefox seccomp:
- https://docs.google.com/spreadsheets/d/12wk_5n5PDzgqXCjmCUnblsXw5QdR5gGYroBxtCrYVBU/edit#gid=841503896
- "Testing stuff" tab
- light green - enabled in chrome
- darker green - enabled in chrome but restricted somehow
- red - enabled in firefox but NOT in chrome
- grayed out - NOT enabled in firefox
- green or dark green highlighting but grayed out -> enabled in chrome but not in firefox