Security/Sandbox/2017-09-07

From MozillaWiki

jld

  • Has to leave the meeting earlyish today — doctor appointment
  • bug 1299581 - block waitpid et al. (see also bug 227246)
  • bug 1397753 - block kill (PulseAudio, sigh)
    • bug 1328896, restricting fcntl, is somewhat pointless without this
  • bug 1381653 - syscalls in main summary dataset: apparently a one-line patch
    • (I'd seen bug 1372900, which was not so simple, but apparently there's been cleanup within the past couple months to make this kind of change easier.)
  • No bug yet: child process renovation
    • No more SandboxEarlyInit and kUnexpectedThreads; can use prefs (or gfx state?) to control namespace use
    • pid namespaces for media plugins: seems to pass try
      • Finally, media plugins will be as sandboxed as a Chrome renderer
      • …but for content, not until PulseAudio is gone
        • I get hundreds of timeouts on Try, which I can't reproduce locally *or* with TaskCluster's “interactive task” mode.
        • I suspect it's PulseAudio and timing-dependent; I'll defer this until audio remoting happens
      • With gdb ≥ 7.9, seems to not need a helper script for multithreaded debugging
    • On my WIP branch: content sandbox levels 4 (net/fs isolation) and 5 (pid), because I can
    • Unfortunately, prefs are main thread only, and this all happens on the I/O thread
      • So, anything that's trying to be nice and not jank the main thread has to add complexity with pref caches
      • instead of putting that burden on whatever odd use case is causing prefs to be a bottleneck?

gcp

  • bug 1382323 - Broken external protocol handlers on Fedora
  • I can reproduce this now, it's nsOSAppHelperService again, callpath we missed into GNOME
  • Got a remoting implementation but issue still reproduces, debugging

haik

  • bug 1391186 - Thunderbird loses setting as default email client when "mailto" triggered by Firefox 56/57
    • reviewed
  • bug 1395898 - [OOP] jar cache incorrectly handled non-existent file paths
    • landed
  • bug 1397257 - [Windows] Awesome Screenshot removing error for a second uninstallation

bobowen

  • bug 1392570 - Firefox fails to launch on Windows 7 when already running in a job.
    • landed and uplifted to Beta
  • bug 1395952 - improve telemetry when sandbox child fails to launch.
    • waiting for data review - but probably going to change this to record once per Gecko Process Type/Error code combination per session
  • bug 1397301 - Crash in sandbox::SharedMemIPCClient::DoCall
    • Seems to have spiked in Beta 9, dump complains that pointer is null when it isn't.
    • possibly something to do with 64-bit migration

Alex_Gaynor

  • bug 1229829 - Alternate desktops, landed!
  • win32k research
    • Breakthrough this week, now have something which goes from process spawn to exit with no human intervention and captures stacks!
    • Next to wire it up to mach run's --debugger, then mach test!

handyman

  • bug 1382251 - Brokering https in NPAPI process
    • wip
  • bug 1388903 - invalid HWND in PrintDlg
    • Uplift
  • bug 1395321 - Print to file bug
    • Divergence from the working (no sandbox) version: Flash -> StartDocW -> StartDocPrinterW -> StartDocDlgW -> RPC call which (apparently) fails
    • Not yet narrowed to a particular sandbox setting.
  • bug 1391247 - Flash Async Drawing Breaks On Tab Switch
    • Bug is in the plugin. Kicked to Adobe.