
Security/Sandbox/2016-09-08

4,000 bytes added, 15:27, 22 September 2016
===bobowen===
* {{bug|1287426}} - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112
** landed.
* {{bug|1259601}} - Add sandbox status to about:support (added security.sandbox.content.level for all OS)
** uplifted to Aurora
* {{bug|1259087}} - Add Windows sandboxing information to Telemetry (added security.sandbox.content.level to environment for all OS)
** landed and uplifted.
* {{bug|1301034}} - Log when non-static file policy AddRule calls fail in Windows SandboxBroker
** this is for GMP problem diagnoses mainly, I'll pick up this week.
* Started looking at a separate process for file:// URLs, have rough understanding of the js/c++ code associated with this now, nothing working yet. Need to find an appropriate bug to take.

===tedd===
* Currently at the WW in Berlin (somewhat limited in my time)
* {{bug|977786}} - reviewed nsProfileLock test
* {{bug|1289718}} - Construct policy - looking at patches from :gcp for review (not quite done yet)
* {{bug|1104619}} - Remote audio - making some progress

===haik===
* {{bug|1228022}} - Trigger print jobs from the parent instead of the child for OSX - working on code review feedback
* {{bug|1290619}} - Content sandbox rules should use actual profile directory, not Profiles/*/ regexes - re-review done, should be ready to land today
* {{bug|1299329}} - Remove printing-related privileges from content process sandbox - testing with things that sound print-related removed

===jld===
* Reviewing patches for {{bug|1289718}}

===gcp===
* Finished up filesystem broker ({{bug|1289718}})
* Reviewing XRemote patches
* Updated desktop

===handyman===
* {{bug|1251202}} - Implement Default Audio Device Notifications for NPAPI plugins on Windows
** At the testing phase
** Might have made a few funky architectural decisions to clean up
* {{bug|1241250}} - Prezi frozen at loading on fresh profile with latest Nightly 64 bits
** Just in: looks to be fixed downstream by Prezi...
* {{bug|1299611}} - Adding policy rules to the Windows sandbox can cause a buffer overrun
** Passed to Chromium to be patched upstream

=== group update from the security team (Summary) ===
====Auditing/Investigation====
* manual auditing of message manager
** Investigating options to write a fuzzer to test message manager
** (https://docs.google.com/spreadsheets/d/1YnOFWatdnSBEvDKHLQV4DFngNuwC1Kkb2hZShV1cVx0/edit?ts=57b2f273#gid=35305492)
* Auditing IPDL
** Starting manual review process
*** See https://docs.google.com/spreadsheets/d/17wvJPTfKto8abz7UD2NoPTebNYoV-dh60ejeCx84Vkw (in progress)
** Need to prioritize getting chromium fuzzer ported to give the ability to test firing specific IPDL from child to parent
* File Usage Investigation
** lldb/scripting based approach to dump file usage (names and stack traces)
** kate has written some scripts which can be used to help investigate file syscall usage (dump stacks/filenames from lldb). Private repo for now (WIP, contact for access); will publish in the future.
** Findings collected in https://docs.google.com/a/mozilla.com/spreadsheets/d/1hYJ_6YooHqISteeObO2kq_ywQxkHYl5PMVRbxI1jBFE traces tab (in progress)

====Security Model====
* Closer to complete security model
* Still some specific areas outstanding (TLS, add-ons, notably the add-on SDK)
* publish to wiki and integrate with existing content

====Maintaining a secure sandbox====
* point of approval for landing?
* sandbox changes
* architectural changes which impact sandbox (e.g. changes to remoted APIs which move security boundaries)

====Next Steps====
* continue auditing the code to determine if gecko parts conform to security model
** First pass of IPDL audit, complete message manager audit
* engage additional resources to get chromium fuzzer work started
* fuzzing team is working on a fuzzer for message manager (aim to complete this month)
* get the security model up onto the wiki

===Roundtable===

* {{bug|1186187}} - SandboxMirror kernel extension to help reverse engineer Apple's sandbox implementation