Security/Sandbox/2017-07-20

« previous week | index | next week »

haik

• bug 1380690 - [Mac] Automatically determine the repo dir so that MOZ_DEVELOPER_REPO_DIR isn't needed
  • Posted for review, :gps recommending a different approach, under discussion
  • Issues with env vars with marionette tests, web-platform-tests
• bug 1376496 - Follow-up fixes to moz-extension remoting support in 1334550
  • Posted for review
• bug 1380141 - Running Talos locally on OS X results in crashed tabs
  • Landed
• bug 1380132 - SSL info in url bar totally broken on mac nightlies due to sandboxing changes
  • Landed
• bug 1379906 - Assertion and crash during startup when running Marionette tests
  • Landed

Alex_Gaynor

• bug 1381019 - Win32k investigations
• bug 1380416 - Investigate hardlinks in the build process

bobowen

• bug 1366694 - Enable Windows level 3 content process sandbox by default on Nightly - thanks to aklotz's fix.
  • On inbound
• bug 1378377 - file:// URI sub-resources within CAPS whitelisted http pages will fail to load with read sandboxing
  • Landed
• bug 1379951 - a11y crashes [@ GetProxiedAccessibleInSubtree ]
  • original problem seemed to be fixed, but there's another crash - I think it might be an existing issue, perhaps retriggered by level 3.
• bug 1352192 - Crash in mozilla::SandboxBroker::SetSecurityLevelForContentProcess with "SetIntegrityLevel should never fail, what happened?"
  • Resurfaced due to sandbox lib change - updater issue with mismatching EXE/DLL versions still outstanding.
• bug 1314801 - Enable PROCESS_MITIGATION_IMAGE_LOAD_POLICY - depends on
  • bug 1380609 - Make Win10 SDK (minimum v10.0.10586.0) required for building Firefox
  • bug 1356493 - Cannot build Nightly with Windows 10 SDK (10.0.15063.0) due to "ERROR: Cannot find mt"
    • Landed
  • bug 1364137 - Windows SDK directory not detected properly on 64-bit python
    • Patch up for review

jld

• Reviewed bug 1308400 (Linux broker, deny read, symlinks, etc.)
  • But on bug 1380690 I just suggested that if we didn't have the test symlinks we maybe could rip it all out and do something simpler….
• Requested uplift in bug 1372428
• Reviewed MOZ_WIDGET_GONK removals in bug 1382099; filed or update followup bugs
  • bug 1316153 is IPC but vaguely related, because we might wind up passing sandbox settings in that enum…
  • Considering removing the ifdef ANDROID stuff, too.... (need to file bug if we don't have one)
• Filed bug 1381653 to get full rejected syscall telemetry in a usable form
• Landed bug 1376653 - musl libc stuff
• Investigated “chaos mode” interactions in bug 1378944 - not sure what we should do
• (Not sandboxing: finished revising DTLS testing patch; awaiting re-review)
• Landed bug 1376910 - SysV IPC removal
• Triaged SIGSYS crashes & filed some bugs; don't understand how most of these things can even get to bind()…
  • Considered remoting the proxy service, but it's annoying.
  • There's a bunch that look like pre-1372428 Nightly + new plugin; sigh.

handyman

• bug 1382251 - Brokering https in NPAPI process
  • Writing a "mostly automatic" brokering API to simply as we'll be brokering many calls (vs Chromium)
  • Limiting to SChannel usage (vs all networking)
  • Remaining concern: InitializeSecurityContext
  • Need to figure out NPAPI failure cleanup (avoid leaving objects in brokering proc)
  • Currently still using main actor but this will change

Round Table

• Requirement to use MOZ_DEVELOPER_REPO_DIR for Linux builds.
• GConf?
  • Officially EoL
  • Hasn't been updated since 2013
  • Do we still need to support it? (For WebRTC proxy lookup, or in general)
    • We're not testing it on CI, so de facto it's not Tier 1
  • Telemetry would be nice, but we may already have broken it (for WebRTC proxy lookup) in 56.
• dev-platform follow up email announcing Windows l3 landed \o/