Security/Sandbox/2017-09-28

From MozillaWiki

haik

  • Per-user legacy extension dir issues that might show up on 56/release
    • bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names
    • bug 1403744 - [Windows] Whitelist the per-user extensions dir XRE_USER_SYS_EXTENSION_DIR
  • Print refactoring
    • bug 1328975 - Mac e10s printing needs refactoring, causes sandbox violations to be logged
    • bug 1403260 - [Mac] Remove access to print server from content process sandbox
      • Prints mostly work, need to debug document title getting dropped somewhere
  • bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules
    • Needs 10.9 testing
  • bug 1393805 - Changes for bug 1332190 broke temporary installations of legacy addons with framescripts
    • Working on patches that cover Win/Mac/Linux, need to test and post for review
  • bug 1402205 - Non-existent background page blocks extension startup
    • landed


Alex_Gaynor

  • Investigating GPU process for macOS
    • Original need for Windows driven by buggy graphics drivers, less of a problem on macOS
    • macOS does not allow compositing to a window from any process besides the one that created it, makes having a GPU process harder
    • GPU process moves compositing out of parent process, doesn't change content process
    • Content process is still using the GPU, what work needs to happen for us to drop access permissions
      • WebGL
      • 2D Canvas
      • Hardware accelerated video
  • Removing excess iokit-open rules

gcp

  • bug 1384804 Broken browser when running under a firejail sandbox
  • bug 1382323 Firefox 54 on Fedora 26 doesn't launch custom protocol handler
  • /tmp stuff
  • /etc/ld.so.conf reader
  • Setting up SuSE and Arch/Manjaro VM, also checking with Intel iGPU

bobowen

  • bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
    • This got backed out, haven't had a chance to look at it for long. Couldn't reproduce locally.
  • bug 1385207 - Audio over RDP connections not working in 56
    • This is in the release notes with a link to a support page on how to lower the level.
  • bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
    • Problem with alternate desktop and AV (particularly Webroot SecureAnywhere).
    • Tracked it to the CreateWindowW call in nsAppshell::Init, when it fails we don't get a callback for the windows procedure from the NtUserCreateWindowEx syscall.

jld

  • bug 1401776 - The continuing adventures of file descriptor limits; commented.
  • bug 1401666 - “slow webgl performance” — figured out what was going on (probably)
    • It's about Mesa figuring out the GPU's userland driver name via its PCI vendor/device IDs, and Ubuntu having “backport” (bpo) drivers with odd names
    • Mesa 12: libudev (blocked by sandbox) vs. sysfs (not enabled!) vs. libdrm (hardcoded list is broken for Ubuntu's i915_bpo)
      • so, ignores PCI IDs & uses kernel driver name, but “i915_bpo” is wrong
    • Mesa 13: libdrm to get PCI IDs directly, no hardcoded kernel driver names
    • Local “repro”: interpose drmGetVersion() to overwrite the driver name with XXXXXX.
    • Idea for fix: walk /dev/dri & allow what libudev is doing for each device.
      • Hope GPU hotplug isn't a thing or isn't relevant to us
      • Could also try to intercept the library or system call & strip "_bpo", but that seems more fragile.
    • We'll need this for 57
  • bug 1403645 (security bug)
  • bug 1402133 - Building with MOZ_SANDBOX but not MOZ_GMP_SANDBOX has been broken on Linux since forever
    • Also I've been talking about --{en,dis}able-gmp-sandbox for years but it never existed. And I'm the one who added MOZ_GMP_SANDBOX. Oops.
    • So I'm feeling more positive towards bug 1375863 (collapse everything into MOZ_SANDBOX)
    • tl;dr: One-line patch, also Gentoo is doing something they probably shouldn't.

handyman

  • bug 1382251 - Brokering https in NPAPI process
    • Started actor work.
  • bug 1400169 - Crash in CallHookWithSEH
    • Verified some of the theories. Adam is talking to Immunet AV.
  • bug 1403707 - Turn on JOB_LOCKDOWN in content proc
    • ready
  • bug 1339259 - Crash in AudioSession::OnSessionDisconnectedInternal
    • Looks like a refcount issue on our IAudioSessionEvents singleton. We aren't properly considering UnregisterAudioSessionNotification. Trying to get this in today.


Round table