Security/Sandbox/2017-09-21

From MozillaWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

« previous week | index | next week »

gcp

  • bug 1382323 Firefox 54 on Fedora 26 doesn't launch custom protocol handler
  • bug 1384804 Broken browser when running under a firejail sandbox

haik

bobowen

  • bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
    • Landed.
  • bug 1397301 - Crash in sandbox::SharedMemIPCClient::DoCall
    • Hopefully fixed by bug 1372823, probably wait to see if it re-occurs in Beta as it's fairly rare on Nightly.
  • bug 1385207 - Audio over RDP connections not working in 57
    • Decision to live with regression with workaround in 56.
    • Have a patch for automatically weakening sandbox, possibly this should be behind a pref.
  • bug 1400826 - [META] Tracking bug for Windows sandboxed process failed launches.
    • Start filing bugs for these, numbers are much lower now errors are once per session. It will be interesting to see what happens in Beta.
  • bug 1230910 - Get sandbox compiled with mingw-w64
    • Just a note that Georg Koppen, got a working version of Tor Browser with the sandbox enabled.

jld

  • Commented on bug 1386297, about ASan Nightlies and interaction with sandboxing
    • Considered trying to get LSan to work, but, just no. (Blocks SIGSYS with inlined sigprocmask, uses ptrace, …)
    • Suggestion: ASan Nightly uses ASan + sandboxing (we'd need to un-bit-rot and disable LSan by default), while tests use ASan+LSan
      • And minimal tests of ASan + sandboxing — mainly, don't break the crash reporting
  • FIled bug 1401062 for The Clone Thing, and a few others
    • Commented on bug 1151624 (pid namespaces) to update it and describe current direction
    • Filed bug 1401053 for pid namespace isolation for content
      • Once again, PulseAudio is a problem
    • bug 1401786 for cleaning up launch options
      • Still just guessing whether this might be useful on other platforms….
    • bug 1401790 to remove ProcessArchitecture (cross-arch NPAPI on OS X)
  • bug 1396542 - The mysterious Goobuntu bug is about /var/lib/dbus/machine-id, and our QA independently found it on Ubuntu 14.04 and Arch
  • :jesup's fd exhaustion (is this one really our problem, or are we just the one "on top" of the stacks?)
    • The fd exhaustion isn't our problem, but we could, at least, print more useful error messages if it hits us.
      • (It's vaguely *my* problem, because IPC shmem is part of the problem and I'm an IPC peer.)
      • (Also there was a log message about an IPDL message losing attached fds, so maybe I should file a bug about that too….)
    • Filed bug 1401774 to suggest having the broker handle this more gracefully
    • Filed bug 1401776 against IPC to suggest raising the limit (but currently it's handled in Necko)


handyman

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Sandbox/2017-09-21&oldid=1182530"