Security/Sandbox/2018-05-03



tjr

  • MinGW Build: Debugging
    • Run a try build with ./mach test?
  • CFI Build
    • Got a working LTO build in TaskCluster
    • Working on CFI now
  • Timer Intermittents: Still investigating bug 1454584
  • Finished Tor, Skia, and 1 Fission doc
    • More Fission docs in the pipeline

Alex_Gaynor

  • IPC Fuzzing
    • bug 1457899 - landed; switched out a KillHard() for IPC_FAIL_NO_REASON()
    • bug 1323532 - landed; removed some excessive codegen in IPC, will make a follow up cleanup easier to implement (bug 1457536)
    • bug 1456147 - landed; fixed assertion failure in IPC
    • sec bugs

gcp

  • bug 1134747 - Investigate possibility of proxying/filtering X11 traffic from Linux desktop content processes
  • Mostly fighting with rust

jld

  • bug 1243108 - the race condition hunt continues
    • Good news: we're not leaking memory after all.
      • It's the response that's lost… even if we send more responses until the buffer is full.
    • More error checking doesn't help.
    • The response is being written on the right socket.
    • It's not a soundness bug in net/unix/garbage.c, so that's good, I guess.
    • And I have a small(ish) C program that reproduces it a lot faster!
    • Doesn't repro when confined to a single CPU (which suggests the lack of repro under rr isn't a coincidence).
    • (The simple joy of inserting a sched_yield and having it *almost* fix the bug.)
    • Forcing the close() on the sending end of a socketpair to happen after the recvmsg() on the other end seems to “fix” it, and isn't a huge hack?
      • But it seems to approximately double the latency overhead for back-to-back requests. There might be a better way to do this….
  • IPC reviews, as usual
  • bug 1457657 - nvidia-tls seccomp violation, but it's not really nvidia-tls??

bobowen

  • Canvas remoting
    • Found some problems with my initial approach (too much copying and stuck images).
    • Just finishing off a better one that should solve those.

haik

  • bug 1457501 - Mac Crash deadlock triggered by CrashReporter::GetFlatThreadAnnotation() lock acquisition
    • Landed
  • bug 1457545 - Mac Crash deadlock triggered by dlsym()/dlopen() deadlock
    • Resuming threads after minidump handling avoids the problem
    • Looking at alternatives, will wait until after merge to land
  • bug 1452278 - [Mac] Make nsOSHelperAppService::GetFromTypeAndExtension() not call OS MIME API's in content
    • Generic MIMEInfo class, nsOSHelperAppService
  • bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac
    • Small sandbox tweak to allow file-map-executable for /Library/GPUBundles, on Autoland

handyman

  • bug 1366256 - NPAPI sandbox level 3
    • Fix is to add plugin to sandbox file exceptions. Cause is still unclear.
    • If there is a general problem with the local builds then my testing may have been useless. I'm doing a second cursory check with automation builds.
  • bug 1419488 - Win7 Shutdown hang in CDeviceEnumerator::DestroyHWndNotificationThread (audio)
    • Can now debug this with a Win 7 VM.
    • Issue is a "hang" due to audio hardware interrupts taking too long (under PnpNotificationThreadWrapper)
    • Theory that we can shut this down on a worker thread w/o blocking main loop
  • bug 1450708 - Crash in FunctionBroker
    • Crashes finally seem to be gone. Uplifted.
  • bug 1458034 - multiple volume sliders
    • May be back in Windows 10 with v1803 (currently in preview)

round table