Security/Sandbox/2017-10-12



jld

  • bug 1387837: reviewed ld.so.conf parsing; browsed the glibc source and discovered many “interesting” things
  • bug 1198552: became entangled with the grsec procfs fd-passing restriction
    • which probably also affects the profiler via bug 1198550
    • (I used to know why the profiler would read /proc/self/maps vs. just using _dl_iterate_phdr….)
  • bug 1401666: obtained uplift for the WebGL/udev bug (and its mistakes/regressions)
  • More of the clone() train:
    • bug 1259852: landed env cleanup (& learned something new about C++11)
    • bug 1316153: landed ChildPrivileges removal (B2G relics)
    • bug 1400061: wrote&posted patch for Mac fd race bug
      • (The BSD one can probably be fixed by copying Linux, after the B2G removal lands, and then we can finally make good on agl@chromium's TODO comment from 2009)
    • bug 1401790: wrote&posted patch for ProcessArchitecture removal (OS X + NPAPI + ≤ 53)
  • bug 1406971: finally went ahead and wrote the simple workaround for most of bug 227246
    • …which accidentally fixes bug 147659
    • …and is basically a dup of bug 678369 except that all the useful content is on the new bug; oops.
  • Still need to get back to bug 1402133 (preprocessor directives vs. Gentoo)

bobowen

  • bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
    • Fixed first assertion that was invalid due to race.
    • Now found second race, just need to work out best way to avoid it.
  • bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
    • Landed more blocking, but looks like some AVs respond by just killing the process.
    • It now looks like it is when the AVs cause user32.dll to be loaded that the issue happens, possibly because it gets initialised on the wrong thread.
  • Fair bit of time on reviews.

Alex_Gaynor

  • bug 1407292 - Fixed in running crashtests locally on macOS
  • bug 1319423 - Don't create files in the content process for printing
    • Been reviewed, most feedback responded to
    • Like everyone else who has touched printing, I regret it deeply :-)
  • bug 1407693 - Don't create files in the content process during crashes
    • Have patch, need to verify it works on other platforms
  • macOS GPU process
    • Mostly understand how Chromium uses theirs
  • Anti-virus makes me angry

haik

  • bug 1404919 - Fonts don't display correctly since update due to content-process sandboxing on macOS
    • All submitters are using the Extensis Suitcase Fusion font manager
      • stores fonts in $HOME without extensions
  • bug 1328975 - Mac e10s printing needs refactoring, causes sandbox violations to be logged
    • Prints working without print server connection
    • Needs cleanup/more testing

gcp

  • bug 1387837 Consider using /etc/ld.so.conf for creating the broker read access policy
  • Turns out bug 1382323 Firefox 54 on Fedora 26 doesn't launch custom protocol handler had more fallout than we realized:
    • bug 1400803 - e10s break external protocol handler functionality
    • bug 1394182 - Firefox unable to handle magnet links
      • Need to check
      • bug 1297686 When multiple desktop files support the same protocol scheme, only one of them is listed
  • bug 1386404 - Stop allowing Linux content processes to access /tmp
    • Will use the one-for-all content solution first
    • Need to replace TMPDIR env and intercept /tmp
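jld's review of ld.so.conf parsing (bug 1387837) and gcp's item on deriving the broker read-access policy from /etc/ld.so.conf concern the same parser, so here is one added Python example, written for these notes and not Firefox or glibc code: it applies the rules ldconfig uses for ld.so.conf (comments, include globs, hwcap lines, type suffixes) and turns the result into a deduplicated read-allow list. The constructed config tree, the `/lib` and `/usr/lib` defaults and the include-cycle guard are assumptions.

```python
import glob
import os
import tempfile

def parse_ldso_conf(path, seen=None):
    """Directories an ld.so.conf file lists, in ldconfig's order: '#' starts a comment,
    'include' takes globs (relative to the including file, matches handled sorted),
    'hwcap' lines are skipped, a '=libc6' type suffix is dropped. The cycle guard is
    an addition here, not glibc behaviour."""
    seen = set() if seen is None else seen
    if os.path.realpath(path) in seen:
        return []
    seen.add(os.path.realpath(path))
    with open(path) as f:
        lines = f.read().splitlines()
    dirs = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("include") and line[7:8].isspace():
            for pattern in line[7:].split():
                if not os.path.isabs(pattern):
                    pattern = os.path.join(os.path.dirname(path), pattern)
                for inc in sorted(glob.glob(pattern)):
                    dirs.extend(parse_ldso_conf(inc, seen))
        elif line.startswith("hwcap") and line[5:6].isspace():
            continue  # skipped here; glibc dropped hwcap subdirectory support
        else:
            dirs.append(line.split("=", 1)[0].strip())
    return dirs

def broker_read_dirs(conf_path, defaults=("/lib", "/usr/lib")):
    """Deduplicated, slash-normalised list a sandbox broker could allow for reads.
    `defaults` stands in for the loader's built-in search path (assumed; a real
    policy also needs the distro's lib64/multiarch directories)."""
    dirs = parse_ldso_conf(conf_path) + list(defaults)
    return list(dict.fromkeys(d.rstrip("/") or "/" for d in dirs))

def demo():
    """Constructed stand-in for /etc/ld.so.conf plus an ld.so.conf.d/ directory."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "ld.so.conf.d"))
    for name, body in {
        "ld.so.conf": "include ld.so.conf.d/*.conf\n# comment\n/opt/vendor/lib=libc6 # typed\n",
        "ld.so.conf.d/arch.conf": "/lib/x86_64-linux-gnu\n/usr/lib/x86_64-linux-gnu/\nhwcap 0 nosegneg\n",
        "ld.so.conf.d/loop.conf": "include ../ld.so.conf\n",  # include cycle, stopped by the guard
    }.items():
        with open(os.path.join(root, name), "w") as f:
            f.write(body)
    return broker_read_dirs(os.path.join(root, "ld.so.conf"))
```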

handyman

  • bug 1382251 - Brokering https in NPAPI process
    • Actor work
  • bug 1339259 - Crash in AudioSession::OnSessionDisconnectedInternal
    • Not going to uplift
  • bug 1391414 - Flash Async rendering scaling issue
    • Jeromie is trying to find someone to repro
  • bug 1400169 - Crash in CallHookWithSEH
    • ImmunetAV says their latest has a fix (at this point I am just lurking on the communication)


win32k lockdown

Round table

  • chromium update for 58? new features like MITIGATION_FORCE_MS_SIGNED_BINS