Security/Sandbox/2016-08-11
From MozillaWiki
« previous week | index | next week »
haik
- bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - it's working, but font nametable part not done yet
- bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's - should have patch out todayish
- bug 1286480 - [10.12] Widevine CDM always crashes on Amazon since upgrade to macOS Sierra - 1-line plugin sandbox fix, want to investigate a bit more
bobowen
- bug 1287446 - Print progress dialog, [Cancel] button is truncated with long document title - uplifted
- bug 1287426 - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112 - problem with USER_NON_ADMIN access token level - impersonation token on main thread (initial weaker token before lockdown) gets replaced when ::CoInitializeSecurity is called in MainThreadRuntime::InitializeSecurity with one for NT AUTHORITY\ANONYMOUS LOGON with untrusted integrity, so other reads after that fail. Haven't worked out why this happens when USER_NON_ADMIN is used as the lockdown token. Only changes I can see in that area are around lifetime management of token handles, so wondered if the token is getting deleted somehow.
- bug 1288194 - [e10s] Some SVG images do not print - two separate issues - landed and uplifted
tedd
- bug 1104619 - remote audio - small progress with implementation
- bug 1288410 - reviewed patch from :gcp
gcp
- bug 1288410 - Landed
- bug 1289718 Construct a seccomp-bpf policy for file access on Linux Desktop
jld
- bug 1290896 — Fixed the mysterious Skylake bug by allowing readlink.
- Filed some bugs from the syscall meeting Tuesday
- bug 1294286 — clock_getres is a pid/tid lookup; handle like clock_gettime
- bug 1294288 — getdents fact-finding mission
Roundtable
- Bug 942698 - Remove syscalls operating on filesystem paths and network addresses from seccomp-bpf whitelist for Linux/Desktop
- meta?
- Bug 983358 - Get an early sense of how hard it will be to sandbox open() calls
- fixed?
- The Linux temp file thing
- Action: file bug for maybe someday removing the content temp dir
- Action: file bug for using memfd_create where available