Security/Sandbox/2016-04-28

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

bobowen

  • bug 1258609 - Crash while printing via parent with pdf.js , about:memory shows large heap unclassified - landed
  • bug 1035125 - On Windows, plugin-container.exe is linked against the sandbox_s library twice - turned into a fight between crt allocation and jemalloc, had to get rid of all the crt static linking to keeping it working when compiled with VS2013 - nearly there.
  • Looks like I've broken printing with the hidden pref print.always_print_silent in some circumstances on release. Waiting for new bug filed with some printing prefs from the user.
  • Also realised while doing bug 1035125 the we can't have alternate desktop and winstation on GMP and alternate desktop and not winstation on content.

haik

  • bug 1267453 - 1 line patch posted, add new hole in sandbox, working on confirming the Chromium plugin sandbox does the same

tedd

  • bug 1176099 - gmain signal blocking - messed around with unit tests, finally landed today
  • bug 1259508 - sys_clone violation - some discussion, seems like audio is no problem to do early init, get the feeling the same thing applies to the ProxyService, talk about remoting it
  • bug 742434 - enable seccomp on nightly - still depends on 579388 (nsOSHelperAppService remoting), didn't run into problems there, do we still need to depend on it?

aklotz

  • No sandbox updates this week

GCP

  • Looking at Linux with MOZ_PERMISSIVE_CONTENT_SANDBOX
  • Will try to set up basic policy that isn't all allow
  • Sandboxing Telemetry
  • https://bugzilla.mozilla.org/show_bug.cgi?id=1187099
    • Idea: could we fake the $profile dir we give to addons and move them under a subdir that we whitelist?
    • Would require knowing which are "Firefox" files and which ones not so those aren't moved.

round table

  • e10s and sandboxing update session
  • meeting or session space in London?