Security/Sandbox/2018-01-11

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

Alex_Gaynor

  • bug 1428055 - Deny access to some on-by-default sandbox rules. Should be ready to land, waiting until after we branch for 60 so there's a full 6 weeks on nightly to burn in.
  • bug 1427012 - Made the print IPC code more resilient to situations that shouldn't occur, but do. Landed.
  • bug 1426807 - Digging into a print crash that requires Windows + Narrator + certain websites, and which was somehow caused by the IPC change.
  • ACG write up finished and sent out.

gcp

  • Landed environment handling patches
  • Involved a fight with clang, mingw and our tier 1 platforms
  • bug 1428349 clang on win32/64 is either a tier 1 platform or it is not
  • bug 1386404 Content temprdir patches landed
  • and backed out again - performance issue in marionette tests?!

bobowen

  • bug 1423628 - Stop processing native events in the content process
    • bug 1396984 - tried recording using Time travel Debugger, but it's very slow and hangs a lot. Now looking at all the windows message processing, to try and get somewhere.
    • Doesn't appear to be any performance regressions for Windows, so I'm going to turn on for Nightly only, given that the only report of it making the symptoms from bug 1396984 worse was for Windows on a MacBook Pro.
  • bug 1421944 - Webrtc microphone input broken in Windows Insider Preview Build 17046
    • Looks like this has landed, but isn't in their insider build yet.

haik

  • bug 1421262 - Firefox renders garbage viewing PDFs or Google Docs with nVidia driver
    • Uplifted to Beta
  • bug 1393259 - [Mac] Remote access to fonts from custom directories, font managers
    • Prototype using sandbox extensions was working, but fix turns out to be much smaller, only requires sandbox rules
    • Have patch ready, needs lots of testing with 3rd party font managers
    • Going to target 60
  • bug 1429133 - Firefox not displaying Unicode correctly
    • Another font manager bug, landed on Nightly, font files with no extension in $HOME
  • Working on starting the sandbox earlier
    • For better security and to identify things being implicitly setup during startup

jld

  • bug 1401062 - Send the clone patches for review (finally)
    • Separating patches for various dependent bugs
  • bug 1243108 - The sendmsg/recvmsg mystery failure is an old bug
    • This is happening for real now (see "See Also" bugs)
    • Considered possible explanations but it still makes no sense
    • Taking wait-and-see approach because it's still uncommon
  • bug 1411629 - The remote DBus thing: proposed something that may or may not make sense
    • If there's a bigger problem here, landing bug 1126437 will flush it out....
    • Also need to investigate pre-sandbox-start DBus, in case it uses "abstract namespace" AF_UNIX

handyman

  • bug 1382251 - Brokering https in NPAPI process
    • landing
  • bug 1358372 - sndvol.exe shows multiple volume sliders for browser
    • This is an OS bug. Put together some work-arounds that seem to finesse the issue.
    • Should report to MS (how?)-> Mozilla-Microsoft discussion list
  • bug 1415160 - Set process mitigations on NPAPI proc
    • IME and VMs