Security/Sandbox/2016-06-09
From MozillaWiki
« previous week | index | next week »
bobowen
- bug 1275813 - Crash in base::win::PEImage::GetProcOrdinal - emailed Kev Needham a couple of days ago - seems to have almost disappeared.
- bug 1276717 - Print Preview and output much smaller than original/document size in one profile - landed and uplifted - relnote added to Fx47 with link to article.
- bug 1278528 - Don't try to initialize the sandbox TargetServices when we are not sandboxed - landed
- bug 1278547 - Don't attempt to delete the content process temp directory when it is the normal temp - landed
- bug 1278537 - Print dimensions aren't passed when printing silently via the parent - patch up for review ... after all the problems I've had with the always_print_silent pref, the thing that annoys me most is that print, being a verb, needs an adverb not an adjective, so it should be always_print_silently.
- bug 1252877 - Add support for taking plugin window captures at the start of a scroll - after delay by some of the above and also a sec bug, I've just got back to this today.
tedd
- bug 1274873 - [landed] gmain signal blocking issue on systems with no TSYNC
- bug 1275781 - [landed] seccomp violation: sys_accept
- bug 1275785 - [landed] seccomp violation: sys_bind
- bug 1275786 - [landed] seccomp violation: sys_listen
- bug 1275920 - [inbound] seccomp violation: sys_rt_tgsigqueueinfo
- bug 1276470 - [landed] seccomp violation: sys_statfs
- Progress on investigating try failures with seccomp enabled:
- https://bugzilla.mozilla.org/show_bug.cgi?id=579388#c11
- https://dxr.mozilla.org/mozilla-central/rev/ec20b463c04f57a4bfca1edb987fcb9e9707c364/uriloader/exthandler/unix/nsOSHelperAppService.cpp#1069
- tl:dr nsOSHelperAppService is executing shell commands in content (blocks seccomp on nightly)
gcp
- bug 1273852 - socket calls. Still dancing around 32-bit/64-bit/Linux kernel version differences
- File system broker with paths - will file bugs
- FYI Chromium has no file access in content/rendered at all :-/
haik
- bug 1272764 - Remove OS X 10.6-10.8-Specific Sandboxing Code - landed
- bug 1272772 - Inline system.sb and remove unneeded rules - landed
- bug 1270018 - NS_APP_CONTENT_PROCESS_TEMP_DIR should only return the sandbox writeable temp - need to make multi-process safe
More updates to https://wiki.mozilla.org/Sandbox/OS_X_Rule_Set https://wiki.mozilla.org/Security/Sandbox/Deny_Filesystem_Access
aklotz
- bug 1276961 - Reviewed