Security/Sandbox/2015-07-23
From MozillaWiki
Windows
- Content Sandboxing
  - bug 1171796 - MOZ_LOG() and stderr from child process are not outputted into log file - need to initialise sandbox TargetServices before xul.dll is loaded and give full path for child log file.
- NPAPI Sandboxing
  - bug 1182411 - Flash settings menu doesn't work on windowless plugins with low integrity sandbox - patch reviewed - needs a bit of work to make calls async.
  - bug 1185529 - Flash AS2 Key.isDown recently broken - this is in normal flash protected mode - still investigating, may have to back out sandboxing changes in the meantime.
Linux/B2G
- Content Sandboxing
  - bug 930258 continues to make progress. Updated broker policy given results of Try run with logging, and fixed issues with profiler and memory reporting.
- Other Linux Work
  - bug 1181704 - async signal safe logging.
  - bug 1157864 - fix musl libc build (and ping upstream)
  - bug 1162780 - NSPR update to 4.10.9 beta 2 (yak-shaving for pid namespaces)
  - bug 1182565 - Unbreak Thread Sanitizer builds by disabling sandboxing
  - Filed https://sourceware.org/bugzilla/show_bug.cgi?id=18683 for the glibc bug discovered last week — fixing that won't actually help us, but being a responsible open source citizen is good.
OS X
- Content Sandboxing - The first bug is at a stopping point. I'm close to having a patch for the second. The third will be quite a lot of work, and I'm putting it off for a few weeks.
  - bug 1185084 - Interpose library for reverse engineering Apple's sandboxd
  - bug 1186158 - Receive notifications of sandbox violations in the browser on OS X
  - bug 1186187 - SandboxMirror kernel extension to help reverse engineer Apple's sandbox implementation
Cross Platform
- WebRTC/OpenH264 Sandboxing
  - Shared memory buffer pools
  - Fixing some race conditions
- Chromium Sandbox Code
  - bug 1183485, bug 1186709: stop requiring MOZ_IMPLICIT in Chromium code, and revert existing uses.
  - https://crbug.com/510193: sandbox::bpf_dsl::Arg<int32_t> couldn't be compared to negative numbers