Security/Sandbox/2016-05-26

« previous week | index | next week »

bobowen

• Filed bug 1274952 - Move process sandboxing defines into browser/
• bug 1270447 - Printing via parent fails when using pref print.always_print_silent=true - reviewed
• bug 1274937 - Add outer window ID to nsFrameLoader::Print to allow printing of frames - reviewed
• bug 1275194 - Crash in nsPrintData::DoOnStatusChange - landed
• bug 1250125 - Make a 0 security.sandbox.content.level turn off the content process sandbox to allow Beta testing - landed
• bug 1252877 - Add support for taking plugin window captures at the start of a scroll - started looking at this
• bug 1271890 - Crash in base::win::PEImage::GetProcAddress - not got much further with this, wonder about loading plugin-container.exe permanently
• bug 1275813 - Crash in base::win::PEImage::GetProcOrdinal - looks like this might be down to third party security product
• bug 1272704 - NSPR logging appears to be broken on Windows from Content processes - considering just removing the code that disallows forward slash in nsLocalFileWin.cpp

haik

• bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code - on inbound
• bug 1272772 - Inline system.sb and remove unneeded rules - out for review
• wiki https://wiki.mozilla.org/index.php?title=Sandbox/OS_X_Rule_Set

tedd

• bug 1274553 - file broker stat() problem in permissive mode - caused the file broker issues that I encountered - landed
• bug 1259508 - sys_clone violation related to audio - landed

• bug 1274873 - gmain signal blocking issue on systems with no TSYNC - patches submitted, review requested
• bug 1275781 - seccomp violation: sys_accept - encountered during tests on try - patch pending
• bug 1275785 - seccomp violation: sys_bind - encountered during tests on try - patch pending
• bug 1275786 - seccomp violation: sys_listen - encountered during tests on try - patch pending
• bug 1275920 - seccomp violation: sys_rt_tgsigqueueinfo - encountered during tests on try - unclear how to solve this yet (pretty dangerous system call)

• bug 1274826 - app crasehs on B2G related to patch for bug 1176099 - decided not to build hooks on b2g

• latest try push with seccomp enabled and previous mentioned patches + more: https://treeherder.mozilla.org/#/jobs?repo=try&revision=855e7084f80d
  • couple of sys_clone violations (https://dxr.mozilla.org/mozilla-central/source/widget/gtk/nsAppShell.cpp?from=PollWrapper#42 )
• added new sheet with lists of files accessed: https://docs.google.com/spreadsheets/d/12wk_5n5PDzgqXCjmCUnblsXw5QdR5gGYroBxtCrYVBU/edit#gid=1930573183

• sandbox security model draft doc from Paul Theriault: https://docs.google.com/document/d/1TiU9iXZT05hljOx2f-eUb_RB5Gwor01unCYSEb7xgjs/edit

aklotz

• No sandboxing work this week

roundtable

• bug 1274706 - Reduce message size for PExternalHelperAppChild::SendOnDataAvailable
• bug 1270018 - bsmedberg is suggesting the "move sandboxed temp dir creation and destruction into directory service provider" route