Security/Sandbox/2017-07-27

From MozillaWiki

haik

  • Landed:
    • bug 1380690 - [Mac] Automatically determine the repo dir so that MOZ_DEVELOPER_REPO_DIR isn't needed
    • bug 1376496 - Follow-up fixes to moz-extension remoting support in 1334550
    • bug 1380156 - Loading temporary an unpacked extension breaks extension page's CSS in OOP Extensions
    • bug 1383841 - [Mac] Disable sandbox violation logging by default
      • Perf-related
  • bug 1384153 - Artifact builds broken crashing content tabs on latest autoland to m-c merge
  • bug 1384209 - [Mac] Remove com.apple.coreservices.appleevents from the content process sandbox
  • Researching iokit use

Alex_Gaynor

bobowen

  • landed
    • bug 1383611 - Widevine CDM 984 x64 and x86 blocked by sandbox on Win10
    • bug 1364137 - Windows SDK directory not detected properly on 64-bit python
      • Should be able to move to requiring Win10 SDK now and so fix bug 1314801.
  • bug 1384327 - Nightly & kaspersky antivirus cause a big issue at start-up
    • Looks like injected code is now failing in the content process and causing issues.
  • bug 1369669 - Unable to preview files from google drive
    • Patch to resolve the child exe path before launching on try (or at least I think it is).
  • bug 1379951 - a11y crashes [@ GetProxiedAccessibleInSubtree ]
    • Couldn't reproduce this now, but I noticed that the pre-Beta report suggested it was down to firefox being run from a symlink/junction point, so might be same issue as bug 1369669.

gcp

  • Landed bug 1308400 Construct a file broker policy for default-deny read access on the Linux Desktop
  • Some fallout: WebGL, userChrome.css
  • bug 1384483 userContent.css gets blocked with sandbox level 3 on Linux
  • Testing wrt MOZ_DEV_REPO_DIR and out of tree builds: looks like it's working fine, had some orange, but probably not from sandboxing
  • Updated documentation

jld

  • Everything is broken.
  • socketpair
  • bind() et al.
    • The NIS thing: some Mesa drivers call getpwuid_r on getuid() to put the username in a shader cache dir
      • Can set MESA_GLSL_CACHE_DIR; need to file bug (see also Bug 1380051)
  • SysV (backed out)
    • ALSA broke again, because (1) no AC_DEFINE(MOZ_ALSA), and (2) it uses shm as well as semaphores
    • fglrx uses semaphores (& maybe also shm?)
      • Do I need to requisition a test machine with an AMD GPU? (what do you need to know?)
      • Should be easy enough to check for “Catalyst” (or probe libs with RTLD_NO_LOAD) and set a flag to allow shm
    • Mysterious graphics things where Cairo (maybe via our GTK stuff) talks directly to X and uses shm
      • (My unease about all the conditionals in that code is vindicated....)
      • Can't reproduce; #gfx had some reasonable-sounding suggestions but they didn't help.
      • Might need to ask karlt
  • read restrictions
    • The DRI sysfs thing from yesterday (bug 1384718)
    • (Are we noticing a theme of GPU drivers causing problems?)
  • ioctl et al.
    • Going for default-deny ioctl; found some surprises.
      • Side effect: FFMPEG log messages will probably stop using ANSI colors
    • bug 1384292 - “sctp_userspace_get_mtu_from_ifn is broken and useless on non-Windows platforms”
      • Media people filed upstream bug; might not be useless upstream, but definitely broken
  • link/symlink/rename removal
    • Seems to work; merge conflicts with symlink magic, but fixed
  • Filed bug 1383888 when I noticed we'd forgotten readlinkat; needs to be part of “read restrictions” deliverable.
  • Small adjustments to big syscall spreadsheet (https://docs.google.com/spreadsheets/d/12wk_5n5PDzgqXCjmCUnblsXw5QdR5gGYroBxtCrYVBU/edit)
    • This may not be the best way to visualize this information
    • (e.g., fussing over syscalls that are mostly harmless because there are a lot of them and each of them is a line, while ignoring the X11 socket, is… not ideal)
  • Haven't been approached about Widevine v984 yet.

handyman

  • bug 1382251 - Brokering https in NPAPI process
    • Made more generic. Brokers all calls through 1 IPDL method.
    • Both IPDL sides (client/server) are now automatic.

Round Table

  • Bug 1344776 - MOZ_LOG doesn't work for child processes because of sandboxing, other OS but Windows
    • Bug 1345046 - Create a low level API for logging that is sandbox friendly.
  • VMP - new "verified media path" for widevine issue
  • Do we still need bug 1343283 before roll-out - perhaps we should have it in 55, but might be too late.
  • Remove MOZ_DEV_REPO_DIR from tree, ExtensionProtocolHandler dependency