Security/Sandbox/2017-12-07

« previous week | index | next week »

bobowen

• bug 1423296 - Firefox never fully starts when launched from network drive on Windows
  • Caused by MITIGATION_IMAGE_LOAD_NO_LOW_LABEL - patch up for review.
• bug 1422053 - LaunchApp failure calls ClearOnShutdown off main thread
  • Landed - need to request uplift to Beta.
• bug 1423644 - Don't create the nsAppShell hidden message window, when not using native event processing.
  • On inbound - hopefully this will finally mean we can use the Alternate Desktop, once we get rid of native event processing.
• bug 1395187 - It seems that it takes a long time to start the browser since Bug 1384336 landed
  • On inbound - blocker for turning off native event processing, found flag that means we never show the waiting flag for the launched child.
• bug 1423628 - Stop processing native events in the content process
  • Still two blockers (bug 1395536 and bug 1396984) remaining.

gcp

• bug 1257276 Allow specification of environment variables when creating child processes
• And the cascade of related bugs
• patch is r+
• I think I need to support the non-sandboxed case too though?
• link issues with 2x chromium code (prolly because win is using a separate static lib..) BASE_EXPORT/SANDBOX_EXPORT?

haik

• bug 1393259 - [Mac] Remote access to fonts from custom directories, font managers
  • Top-level protocol version is working
  • Remoting font API doesn't work for multi-face font files (CGFontCreateWithDataProvider())
  • Did some experiments with CTFontManagerRegisterFontsForURL()
• bug 1421957 - [mac] "Open in Preview" sometimes triggers a "Load the following paper into the rear tray" popup then fails
  • Possible regression of bug 1403260 - [Mac] Remove access to print server from content process sandbox

Alex_Gaynor

• bug 1407693 - don't create files in crashreporter; revised for gsvelto's review
• bug 1414834 - re-land print IPC changes; landed!
• Disallow ParamTraits implementations for enums, require use of ContiguousEnumSerializer
  • Fixed a few existing implementations
  • Static analysis landed
• Out of Process JIT research
  • Reviewing Chakra implementation
  • Need to threat model exactly what level of attacker control the remote API needs to be resilient to
  • Preparing for meeting with the SM team next week!

jld

• Upgrading my OS to try to get Vidyo to work broke Firefox… but only debug builds.
  • bug 1422907. Turned out to compiler-version-dependent (maybe compiler bug, maybe UB that will bite us later)
  • GCC 7.2.0 is bad, GCC 7.2.1 works
    • Fortunately, Debian uploaded 7.2.1 on Tuesday
  • Also ran into bug 1423684 trying to find a “good” revision to bisect that
    • (There probably is no “good” revision.)
• Reviews (mostly the env var thing)
• bug 1401062 - Did the pref thing, then realized it's not worth the code complexity
  • Content: currently we're not using namespaces, so existing sandbox level prefs would suffice
  • GMP: can use MOZ_ASSUME_USER_NS=0 to troubleshoot, but weakens sandbox
    • So if we would “pref off” on release, instead back out the patches. But release isn't until March, so probably won't happen.
  • (I should write this up with more words in the bug.)
  • The longjmp approach seems to be working
    • …but, speaking of IPC Chromium vs. Sandbox Chromium, if we could use modern Chromium base/process/launch then there's be a little less rewritten code here

handyman

• bug 1382251 - Brokering https in NPAPI process
  • Passed Adobe's tests. They will announce the Nightly change to their beta forums.
  • Finishing reviews. Had to add HttpSendRequestExA.
• bug 1415162 - Set USER_LIMITED on NPAPI proc
• bug 1415160 - Set process mitigations on NPAPI proc
  • The old STRICT_HANDLEs issue (Amazon Instant Video) no longer exists but I found other issues.
• bug 1421944 - Cubeb audio device notification failure
  • Can fix with (Un)RegisterEndpointNotificationCallback brokering or by changing cubeb source
• bug 1419611 - Flash print-to-file
  • Was a known issue

Roundtable

• complaints related to the RDP audio issue
  • broken by level 3
• Progress on WebRTC audio device access: bug 1397793 landed, unblocking bug 1394163.