Security/Sandbox/2014-05-22

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

22 may 2014

OpenH264:

  • Windows sandboxing - patch got f+, working on review comments. To do: 1) Investigate build test failures with gmp-sandbox patch. 2) Post to dev-platform about building sandboxing code. 3) Implement some combination of build flags and prefs that make sense for enabling/disabling sandboxing of content and gmp processes. 4) (after landing initial patch) Followup bugs for ratcheting down security of gmp process sandbox
  • Mac sandboxing - New bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1012949 Smichaud is taking the lead on investigation thus far. Good discussions happening there.
  • Linux sandboxing - New bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1012951 No discussion yet. Karlt may be available for this soon - Maire is confirming. In the meantime, will be looking to Ekr to get the initial work jumpstarted.
  • Hoping the same guys can then work on EME sandboxing. New bugs for EME work will be opening soon; initially they will just be placeholders until folks are available to start this work (after OpenH264 sandboxing).
  • GMP = Gecko Media Plugins : https://bugzilla.mozilla.org/show_bug.cgi?id=957928 More info: https://wiki.mozilla.org/GeckoMediaPlugins

Linux/B2G:

OPEN:

  • not very far yet
  • another library skia in gecko makes use of open() and we can't modify it
    • What does Chromium do, since they use the same code?
      • Reach out to Google to find out (Sid to follow up? - Maire will ping him)
      • NOTE: Chromium makes calls to GL in a separate process which is a win from a security perspective but can hurt performance -- This may affect how much we can model what Chromium does (its the GL proxy)