Security/Sandbox/2015-02-05
From MozillaWiki
Standup/Status
Windows
- GMP/EME Sandboxing
  - bug 1129369 - turns on the remaining process-level mitigations that the Chromium renderer uses. Looks OK on try, need to get reviews and land.
- NPAPI Sandboxing
  - bug 1127230 - changing to an integer "level" pref. r+, just waiting for try push.
  - bug 1123759 - Looks like getting to low integrity is going to be too hard.
Linux/B2G
- Content Sandboxing
  - Desktop might not ever happen, depending on what happens with bug 1129492
- GMP/EME Sandboxing
  - TODO: check the uplift requirements for the OpenH264 restriction and whether we want to be more strict about --disable-gmp-sandbox
- Other Linux work
  - File capabilities don't work like I thought they did.
  - No idea when/if releng will get user namespaces for testing
  - Tried reviving my branch to run plugin-container under chrome-sandbox
  - Questions about IPC child process management and shutdown
Mac
- Content Sandboxing
  - Addressed printing and print preview issues in 10.9, still to be tested for 10.10
  - Discovered that "save to pdf" and "open file" were trying to write to / read from the content process. Allowing those would void the purpose of the sandbox, but denying them would not be acceptable for the user. The trade-off will be to allow read and write only in the home folder (minus the Library folder).
  - Will take into account the preference "security.sandbox.macos.content.moreStrict": 0 will disable the sandbox (allow default), 1 will be the default and enable a "working" version which should be OK for users, 2 will be the "ideal" sandbox, but currently will deny too many things.
Chromium
- bug 1102195 - merging from the latest Chromium stable release tag. Windows now compiling, just starting to look at the Linux side of things.