« previous week | index | next week »

Standup/Status

Windows

• GMP/EME Sandboxing
  • bug 1129369 - Turn on DEP_NO_ATL_THUNK, BOTTOM_UP_ASLR and MITIGATION_STRICT_HANDLE_CHECKS process-level mitigations - landed.

• NPAPI Sandboxing
  • bug 1132021 - Add a new sandbox level for Windows NPAPI to use USER_LIMITED access token level. - landed

Linux/B2G

• Content Sandboxing
  • Still looking like it can't happen on desktop.

• GMP/EME Sandboxing
  • Can get chroot + network namespace isolation relatively easily, if user namespaces supported, then follow up with pid namespaces.

• Other Linux work
  • bug 1088387 is finally ready for review.
    • (But it needs a better title…)

Mac

• Content Sandboxing
  • addressed issues mentioned in the past meeting:
  • hopefully printing and printing to pdf on 10.10 based on logs sent by smichaud
  • allowed file read/write access inside $HOME minus $HOME/Library
  • added "security.sandbox.macos.content.moreStrict" preference, 1 enables sandbox and should be default
  • waiting for review of 1083344

Chromium

• bug 1102195 - Update security/sandbox/chromium/ to Chromium stable channel version 40.0.2214.111 - landed.

Round Table

• EME:
  • The EME team plans to ship in 38. We have twice-weekly EME standup meetings (Monday/Thursday).
    • Do we still want our EME sandboxing meeting? cpeterson to follow up in email.
  • OS X CDM may start in a couple months.