Security/Sandbox/2017-08-31
From MozillaWiki
bobowen
- bug 1385928 - Mozregression launched nightly after 2017-07-30 don't load start page
- Chromium change landed and uplifted to Beta.
- bug 1392570 - Firefox fails to launch on Windows 7 when already running in a job.
- Waiting for data collection review.
- no bug yet - improve telemetry when sandbox child fails to launch.
- Should have patch for this tomorrow.
- Widevine issue solved by hooking function and thanks to help from dmajor, aklotz and handyman with the hooking.
- bug 1394370 - Sandbox security level 3 makes GetClipBox WinAPI function to return NULLREGION for desktop.
- Weird side effect of using JOB_OBJECT_UILIMIT_HANDLES in the content process, seems like a Windows bug maybe.
- Goes away once we start using an alternate desktop, which possibly explains why it isn't seen with chromium.
haik
- bug 1391186 - Thunderbird loses setting as default email client when "mailto" triggered by Firefox 56/57 on 10.11
- Root caused, working on fix
- bug 1392988 - Firefox 55.02 on macOS High Sierra cannot play AES encrypted video
- Landed, will uplift to 55
- Not sandboxing bug 1350642 - Remove the PBrowser::Msg_GetTabCount sync IPC
- A little sick, may be taking PTO
jld
- Tried to have fun with the AudioIPC prototype (bug 1391523)
- Ran into bug 1394163 — WebRTC is still doing PulseAudio
- Might not be *using* it, but it's starting it
- I wonder if we have sandbox rules for an unused extra instance of PA….
- And then wound up buried in child process handling
- Was trying to just get rid of SandboxEarlyInit before we accumulate even more technical debt there
- Original plan: clone() processes directly
- But I thought I had a way to make wrappers (like chrome-sandbox) work without confusing IPC about multiple PIDs
- I was wrong. So very, very wrong.
- But now I know more things about IPC
- Also had an idea about bug 227246, but actually no.
- bug 1259852 is sort of related, but also, I found bugs on Mac and BSD; need to file
- Almost but didn't quite comment on bug 1348361
- I'm wondering if fork() is starting to be a perf bottleneck
- vfork is scary and would force sandboxing to use wrappers (and async pid)
- Chromium uses a low-overhead “zygote” process to fork (-> async pid)
Alex_Gaynor
- bug 1229829 - Alternate desktops on Windows
- Finally identified the cause of the GMP failures!
- Patch up which is green, patch to Chromium's sandbox to fix the issue
- win32k lockdown
- Hit frustrating roadblocks in collecting stacks from test
- Did more manual stack collection to make sure we had coverage
handyman
- bug 1382251 - Brokering https in NPAPI process
- Eliminated runtime ASSERT hacks with deeper template metaprogramming.
- bug 1388903 - invalid HWND in PrintDlg
- Removing the dialog parent HWND (using DLLInterceptor). This will not survive some sandbox hardening, e.g. Alternative Desktop.
- Brokering also works but ignores Adobe's callback, which is probably just styling. I like this for a long-term solution (it works with automatic brokering).
- Expect to uplift
Roundtable
- IPC base::ChildPrivileges — does anyone need it?
- B2G doesn't; Linux was going to but might not; Windows uses it for the “is a file process” bit
- I'm probably going to remove Windows dependency here and pass in a sub-process type string into GeckoChildProcessHost, so that it can be used for policy differences.
- Linux might use it after all
- bug 1316153 for removing the B2G leftovers
- 3 weeks to 57 beta merge
- projects status