Security/Sandbox/2018-02-01


tjr

  • bug 1230910 [MinGW] Get sandbox compiled with MinGW
    • Almost done! Only awaiting review from Aaron on bug 1432381
  • bug 1429812 [Hardening] Investigated Return Flow Guard. Spoiler: bad perf regressions
  • bug 1433171 [Hardening] Investigated d2guardswtablesuppress. Spoiler: medium-ish perf regressions. Except on google, in which case horrible perf regressions.
  • bug 1235982 [Hardening] Control Flow Guard - landed!
    • Going to monitor WER for crashes and then file follow-up bugs to expand coverage
    • Except WER seems to be broken /rollseyes
  • bug 1430841 [Spectre] Fix Float Fuzziness in ReduceTimerPrecision
    • This is obnoxiously hard and complicated. f(x) should equal f(f(x)), right? And f(x-y) should equal f(x) - y, right? Except maybe sometimes it shouldn't. And sometimes it should. More investigation in WPT/CSS Animations needed
  • bug 1425462 [Spectre] Continuing timer fuzzing work
    • This is also obnoxiously frustrating, and has the added fun of balancing the work we do against what other browsers have done and against how much it's okay to let time go backwards.
  • Wrote a (very) rudimentary auditor for Binary Transparency
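An added illustration of the float-fuzziness problem in the ReduceTimerPrecision item above (example code, not Firefox's implementation; the 100 µs resolution and the sample timestamps are constructed): the obvious floor(t / res) * res clamp done in doubles can move a timestamp that already sits on a tick boundary, while doing the arithmetic on integer microseconds keeps the clamp idempotent and fixed on aligned values.

```python
import math

# Constructed example resolution: 100 microseconds expressed in milliseconds
# (the value is an assumption for the demo, not taken from Firefox).
RES_MS = 0.1

def clamp_naive(t_ms, res_ms=RES_MS):
    """The obvious clamp, entirely in doubles: floor(t / res) * res.
    0.3 / 0.1 evaluates to 2.9999999999999996, so 0.3 is clamped to 0.2."""
    return math.floor(t_ms / res_ms) * res_ms

def clamp_ticks(t_ms, res_ms=RES_MS):
    """Clamp in integer microseconds: round() absorbs the tiny representation
    error of the millisecond doubles, and floor division on ints is exact."""
    t_us = round(t_ms * 1000)
    res_us = round(res_ms * 1000)
    return (t_us // res_us) * res_us / 1000

def check_properties(clamp, samples_ms, res_ms=RES_MS):
    """Return (property, sample) pairs for which `clamp` misbehaves.
       idempotent: f(f(x)) == f(x)
       fixed:      f(x) == x when x already lies on a tick boundary
    Shift-consistency (f(x - y) == f(x) - y) is deliberately not checked here:
    with x - y itself computed in doubles it can fail for either clamp, which
    is the 'sometimes it shouldn't' part of the problem."""
    res_us = round(res_ms * 1000)
    bad = []
    for x in samples_ms:
        fx = clamp(x, res_ms)
        if clamp(fx, res_ms) != fx:
            bad.append(("idempotent", x))
        if round(x * 1000) % res_us == 0 and fx != x:
            bad.append(("fixed", x))
    return bad

if __name__ == "__main__":
    # Constructed sample timestamps in milliseconds.
    samples = [0.3, 0.35, 0.7, 1.1, 12.3]
    for name, fn in (("naive", clamp_naive), ("ticks", clamp_ticks)):
        print(name, check_properties(fn, samples))
```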

gcp

  • bug 1386404 Stop allowing Linux content processes to access /tmp
    • Landed and sticking so far
    • Issue was related to XDG_CACHE_HOME redirection, mozprofile bugs with .cache and ???
  • bug 1434281 [mozprofile] Profile dir in cachedir not cleaned up, accumulates during testruns
  • Went through regression, maybe have quick try at bug 1416016 WebGL creation failed on some websites on Linux
  • Will move on to X or anything urgent that comes up

Alex_Gaynor

  • bug 1407693 - crash reporter file creation - serious progress, down to one failing test with a clear strategy for implementation
  • bug 1359566 - automatically drop all audio related sandbox permissions on macOS when audio remoting is enabled
  • Filed https://github.com/mozilla/sccache/issues/221 - intermittent hang bug with sccache, FYI in case anyone else runs into this

jld

  • Vidyo hates me. Also Firefox is having issues with making forward progress when it doesn't have enough cores to eat?
    • Seemed like parent process main thread was spending a lot of time painting — Tree Style Tabs is too hard to render?
  • bug 1430949 - network namespace isolation landed
    • …and raised a perf bug: bug 1434927
    • If the overhead is the network namespace creation itself, we have a Problem.
    • But if it's the fancy test for X being remote, we could go back to parsing the display name
      • Which does break one use case, but I don't know if anyone's actually doing that.
    • Also, if it's the fancy X test just moving part of startup overhead into a different bucket of startup time, then it's a non-problem, but that may be too much to hope for.
  • bug 1213998 - chroot content processes; landed
  • bug 1376910 - SysV IPC: redid patch with the various exceptions; mostly ready to land
    • I want to add a comment about the telemetry analysis I did to determine the fglrx test
  • bug 1425274 - socketcall demultiplexing; wrote patch; ready to land
    • Fixes an annoying hole in the sandbox on 32-bit, if we're not allowed to unshare net & chroot, but needs kernel 4.2 (Aug. 2015)
  • Reviews
    • I broke the Solaris build, but it's fixed now.

haik

  • bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
    • Have a pretty broad policy working for manual tests
    • Tests dom/plugins/test/ pass (applying policy to npswftest.plugin, Test.plugin, SecondTest.plugin)
    • Need to slim down the policy, come up with scheme for disabling sandbox

handyman

  • bug 1382251 - Brokering https in NPAPI process
  • bug 1429643 - Limit SSL brokering to 64-bit
    • landed
  • bug 1358372 - sndvol.exe shows multiple volume sliders for browser
    • more test failures
  • bug 1433855 - Crash in FunctionBroker::PostToDispatchThread
  • bug 1433856 - Crash in MessageChannel::Close (from FunctionBroker)
    • Landed potential fixes

bobowen

  • bug 1316665 - Never ending spinners on a freshly installed Nightly 64-bit
    • Created a build with some simple printf logging to try to get some idea of the failure.
  • bug 1433065 - Firefox 58 is not loading any pages (including about: pages)
    • Turned out to be Microsoft anti-exploitation settings and other AVs using the same things probably.
  • bug 1434292 - Only use MITIGATION_IMAGE_LOAD_NO_LOW_LABEL flag for pdfium process when not running from a network drive.
    • Landed.
  • bug 1434276 - Use MITIGATION_EXTENSION_POINT_DISABLE flag for GMP process.
    • Landed.
  • bug 1409063 - FF 56.0.1 x64 on W7x64: now creating events in "Microsoft-Windows-Known Folders/ Operational" event
    • I can reproduce - some child processes are trying to access these known folders.
  • bug 1396984 - Scrollbar becomes black on first connection of second screen
    • Hooked NtGdiDrawStream function and parameters seem similar in working and failing case.
    • Now think it might be the opening of the theme.
    • Need to post to Microsoft discussion group to see if they can help.

Round Table