Security/Sandbox/2016-09-15


2016-09-15

haik

bobowen

  • bug 1301034 - Log when non-static file policy AddRule calls fail in Windows SandboxBroker
    • landed - need to uplift
  • bug 1147911 - Use a separate content process for file:// URLs
    • Have a rough patch that gives us a separate process for file://.
    • Needs more testing, but the main problem is that I've discovered that my workaround for bug 1287426 and the USER_NON_ADMIN token doesn't give access to network drives. So I might have to back that out tomorrow.

tedd

  • bug 1104619 - remoting audio - little progress, working on getting the cubeb.h api remoted
  • bug 1289718 - Construct policy - started looking at the newest changes from :gcp
  • not much implementation work, mostly security assurance

gcp

  • [Bug 1289718] Construct a seccomp-bpf policy for file access on Linux Desktop
  • Addressing review comments, looking at try fallout now
  • Fixing bugs in profile locking/XRemote

handyman

  • bug 1251202 - Implement Default Audio Device Notifications for NPAPI plugins on Windows.
    • Was working with audio on content proc. Very soon working with audio on chrome proc.
  • bug 1241250 - Prezi frozen at loading on fresh profile with latest Nightly 64 bits
    • Prezi fix was not valid. They are back on it.

Round Table

Add-ons meeting action items

  1. Documenting restrictions on MDN
    1. giving developers a long term view of what's coming so they only need to change things once
    2. documenting rollout plan / rough release estimates
    3. For outreach -> Jorge
  2. develop debugging tools
    1. file access (write and read if possible) restriction logging?
    2. bowen: we have MOZ_WIN_SANDBOX_LOGGING on Windows (also pref security.sandbox.windows.log)
      1. http://searchfox.org/mozilla-central/search?q=MOZ_WIN_SANDBOX_LOGGING&case=false&regexp=false&path=
    3. gcp: On linux the file broker can do this
    4. filtering known paths to cut down on log volume
    5. Differentiating between Firefox activity and addons?
    6. static analysis of add-on code?
      1. Hard to do, fraught with accuracy issues.
    7. telemetry logging?
      1. Could we log all content process writes to profile dir? logging without paths? Just to know it happened.
  3. Providing a way for add-ons to register area of the file system they want to access to?
    1. transferring of data from chrome to content (GreaseMonkey/ABP/DTA)?
    2. fraught with issues... probably better to set the policy that data must come over IPC
  4. Making sure we have the APIs needed to move existing file access to IPC
Blob/File resources:

   * https://developer.mozilla.org/en-US/docs/Web/API/File
   * https://developer.mozilla.org/en-US/docs/Extensions/Using_the_DOM_File_API_in_chrome_code
   * https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL
   * https://bugzilla.mozilla.org/show_bug.cgi?id=1279186 (FF50, makes createObjectURL apply to all processes)
   * http://searchfox.org/mozilla-central/source/dom/ipc/PBlobStream.ipdl