Security/Sandbox/2018-04-26

« previous week | index | next week »

tjr

• MinGW Build
  • Identified https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85525
  • Disabling Skia's AVX code produces a somewhat-working browser
  • However some child process crashes here: https://searchfox.org/mozilla-central/source/layout/svg/nsSVGIntegrationUtils.cpp#103
  • I swear I had seen this issue before, maybe while working on x86. In any event, I don't understand it and am planning to reach out the gfx to help....
• CFI Build
  • I got a working build with lld as the linker. I'm now working to enable LTO (probably ThinLTO)
  • Ted helped me overcome one issue this morning (we filed 3 bugs from it), and now onto undefined symbols in JS...
• Timer Intermittents
  • Landed one fix in bug 1446346
  • Need to investigate bug 1454584 which makes no sense to me...
• Lots of gdocs being written (Fission, Tor, Skia)

jld

• The shared memory changes broke.
• bug 1456022 - The broker glitch is back
  • We've been leaking space in /dev/shm since 54 and not noticing until i added an assert. So that's bad.
  • I *can* repro the bug locally… about once every 2 hours of continuous testing (or ~8.5e8 RPCs)
    • Probably higher rate per RPC in that one reftest one of the dups mentions, so might be common enough to matter in real usage.
  • 4 repros with fake second response not received, so probably the request getting lost?
  • Planning another test to try to verify that.
• bug 1455828 - pref data corruption
  • How is this even possible?
  • bug 1456911 - LaunchApp close-on-exec bug if src fd == dst fd (so, for pref shm, if it happens to get fd 8)
    • …which Chromium apparently still has(!); need to file upstream bug.
  • Not filed yet: “backport” not seeking to end & setting append mode, to find out if it's a stray write to the fd
  • bug 1456902 - Get more info when crashing
• bug 1455800 - Probably not security-sensitive but a second opinion would be nice.

gcp

• [Bug 1455498] WebGL doesn't work on Linux if drivers are loaded through LD_LIBRARY_PATH
• X windows proxy:
  • There appears to be very minimal traffic after startup
  • So the proxy is mostly about correlating connections with pids and Content startup
  • Unrusting rust code
  • Need to disallow connections to the real X server somehow! we can now broker connect

bobowen

• Canvas remoting.
  • My horribly hacked version is working ... sort of.
• bug 1444699 - Crash in sandbox::`anonymous namespace'::WarmupWindowsLocales
  • Landed on m-c

Alex_Gaynor

• IPC Fuzing
  • bug 1456147 - filed; assertion failure in underlying buffer management
  • Fuzzer found two sec bugs this week; I found one more by manual inspection
  • bug 1450232 - landed; improve how we handle large length fields in IPC deserialization so the fuzzer doesn't OOM all the time

handyman

• bug 1366256 - NPAPI sandbox level 3
  • Tracked to being "something about the build binary". (Its not the automation setup.)
• bug 1450708 - Crash in FunctionBroker
  • Waiting to see if fixed. Uplift?
• Plugin sec bug

haik

• bug 1376773 - Intermittent test_crash.py TestCrash.test_crash_chrome_process...
  • Deadlock in breakpad callbacks, similar to 1395504
• bug 1450715 - Add pref dom.ipc.plugins.sandbox-level.flash to telemetry
  • landed, still needs sql.t.m.o fix for querying in main summary
• bug 1432567 - [Mac] Add a test that renders fonts from non-standard directories
  • Installed 10.10, using artifact build on local machine for debugging
  • Made a bit of debugging progress