Security/Sandbox/2015-03-12

From MozillaWiki

Standup/Status

Windows

  • Content Sandboxing
    • bug 1137166 (selecting the sandboxing level via a pref) has landed.
  • GMP/EME Sandboxing
    • EME planning to ship in 38.

Linux/B2G

  • Content Sandboxing
    • The patches to make remote jars not open files in the content process have finally landed.
    • Unwhitelisting unlink() is on its way.
    • Also, making readlink() fail instead of allowing it.
    • v2.2 needs some uplifts for Lollipop
  • Other Linux work
    • Testing for the presence of more advanced sandboxing features has landed; it had an obvious-in-hindsight bug that ASAN caught (but not on automation, because the automation kernels are too old).
      • RelOps is going to look into upgrading automation to Ubuntu 14.04.
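The two Linux policy changes above ("unwhitelisting unlink()" and "making readlink() fail instead of allowing it") both come down to one seccomp-bpf decision: a syscall that is no longer allowed should return an error to the caller rather than being permitted, and without killing the process. The program below is an added illustration of that decision and is not Firefox's sandbox code (Firefox builds its filters with its own code in security/sandbox/; the raw BPF, the fork-based probe, the /tmp path and the use of /proc/self/exe as a symlink to read are all assumptions made for this example). It installs a filter in a forked child that returns EACCES for readlink/readlinkat and unlink/unlinkat, allows everything else, and reports what the child observed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pin the filter to the ABI this binary was built for: syscall numbers under
 * another ABI (e.g. 32-bit calls from a 64-bit process) mean different things. */
#if defined(__x86_64__)
#  define CURRENT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define CURRENT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define CURRENT_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Syscalls this demo makes fail with EACCES instead of allowing. Newer ABIs
 * such as aarch64 only have the *at variants, so both spellings are listed. */
static const int denied_syscalls[] = {
#ifdef __NR_readlink
    __NR_readlink,
#endif
    __NR_readlinkat,
#ifdef __NR_unlink
    __NR_unlink,
#endif
    __NR_unlinkat,
};
#define NDENIED ((int)(sizeof denied_syscalls / sizeof denied_syscalls[0]))

/* Install the filter on the calling thread: wrong arch -> kill; a denied syscall
 * -> -1 with errno = EACCES (the process keeps running); anything else -> allow.
 * Returns 0 on success, -1 if seccomp could not be enabled in this environment. */
static int install_deny_filter(void)
{
    struct sock_filter prog[4 + 2 * NDENIED + 1];
    int n = 0;
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, CURRENT_ARCH, 1, 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (int i = 0; i < NDENIED; i++) {
        /* if nr == denied_syscalls[i]: fall into the ERRNO return, else skip over it */
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)denied_syscalls[i], 0, 1);
        prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EACCES & SECCOMP_RET_DATA));
    }
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };
    /* no_new_privs is required to load a filter without CAP_SYS_ADMIN */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0) return -1;
    return 0;
}

enum probe { PROBE_READLINK, PROBE_UNLINK };

/* Fork, install the filter in the child, attempt one syscall there and report the
 * errno it produced: EACCES means "denied but still alive", 0 means it succeeded,
 * -1 means the filter could not be installed (seccomp unavailable here). */
static int probe_under_filter(enum probe which)
{
    char path[] = "/tmp/seccomp-demo-XXXXXX";   /* constructed temp file for the unlink probe */
    if (which == PROBE_UNLINK) {
        int fd = mkstemp(path);
        if (fd < 0) return -1;
        close(fd);
    }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_deny_filter() != 0) _exit(255);
        char buf[64];
        int rc = (which == PROBE_READLINK) ? (int)readlink("/proc/self/exe", buf, sizeof buf)
                                           : unlink(path);
        _exit(rc < 0 ? (errno & 0xff) : 0);   /* exit_group is still allowed by the filter */
    }
    int status = 0, result = -1;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) && WEXITSTATUS(status) != 255)
        result = WEXITSTATUS(status);
    if (which == PROBE_UNLINK) {
        /* A denied unlink must leave the file in place; verify, then clean up unfiltered. */
        if (result == EACCES && access(path, F_OK) != 0) result = -2;
        unlink(path);
    }
    return result;
}

int main(void)
{
    int r = probe_under_filter(PROBE_READLINK);
    int u = probe_under_filter(PROBE_UNLINK);
    printf("readlink under filter: %s\n", r < 0 ? "filter not installable" : strerror(r));
    printf("unlink under filter:   %s\n", u < 0 ? "filter not installable" : strerror(u));
    return 0;
}
```

The choice of SECCOMP_RET_ERRNO rather than SECCOMP_RET_KILL is the point: the content process sees an ordinary failed readlink() or unlink() and carries on, so code paths that still try these calls degrade gracefully instead of crashing the tab, while the kernel never performs the operation. Running the filter in a forked child keeps the parent's own view of the filesystem unrestricted, which is also why the parent, not the child, checks that the temp file survived the denied unlink. A real sandbox policy is far longer than this and whitelists rather than blacklists; the example only shows the deny-with-errno mechanism the status items refer to.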

Mac

  • Content Sandboxing
    • "breaking addons once" and "breaking nothing now" are mutually incompatible expectations. The second expectation requires allowing "read all", which may still break some addons for other reasons; and since a later sandbox will tighten that to "read some", a second wave of addons will break, contradicting the first expectation. Keeping the default sandbox level at 0 seems to be the only sensible option for now.
    • Agreed to have an "allow read mostly everywhere" rule that only restricts access within "$HOME/Library" to the addons inside the profile dirs. Will raise the default level to 1. Should post the patch after the standup.
    • Implement level 2 to be more strict; it will basically be what level 1 is today.
  • GMP/EME Sandboxing
    • Close to finishing bug 1110911 ("Move Mac sandboxing code into plugin-container").

Chromium

  • Chromium update: gcc 4.6; not sure whether Android and B2G are a problem.
    • Bob to follow up with mwu.

Round Table

  • Added BUG_COMPONENT metadata for security/sandbox/