Security/Sandbox/2017-01-12
From MozillaWiki
« previous week | index | next week »
Contents
haik
- bug 1309394 - Introduce automated tests to validate content process sandboxing works as intended
- On autoland, will uplift to 52
- bug 1324610 - Printing on OS X makes firefox unusable
- Landed and uplifted to 52
- bug 1329822 - file:// documents can't use <a download=foo.txt> to set a download name/force a download
- Have a fix that appears to work, I need understand the remoteType code a bit more
- https://treeherder.mozilla.org/#/jobs?repo=try&revision=76b959de8cd31ed2a1b9dcd4ff12d220661fbbb1
bobowen
- bug 1321724 - [e10s] Local HTML cannot be opened in Firefox 50
- Try build for reporter to test.
- USER_NON_ADMIN is whitelist not blacklist.
- bug 1324064 - [e10s] printing causes content process to crash with Foxit Reader PDF
- Landed and uplifted to Aurora.
- bug 1328257 - Perma failure in browser_webconsole_bug_595223_file_uri.js when Gecko 53 moves to Aurora
- To do with file content process not being enabled.
- Fix landed.
- bug 1152353 - FX 37.0.1 Printer Properties Freeze
- Can reproduce similar problem, it's to do with nested processing when print dialog shown I believe.
- Working on a possible fix.
- Related to bug 1243375, which is a fairly common shutdown hang (Currently #40).
- bug 1321566 - uplifted to Aurora.
- bug 1324000 - landed and uplifted to Aurora.
tedd
- bug 1325647 - automated integer bound checking for IPC
- billm wanted the entire thing to be only in c++
- wrote a new PoC, attached to bug, asked for feedback
gcp
- bug 1329216 crash on "print" in print dialog
- bug 1330326 Make sandboxing policy more configurable via preferences
- mingw build fixes for tor
- X11 procotol and rust
handyman
- bug 1306698 - When resize content/window, image under the flash plug-in is briefly display
- really two bugs: both believed to be for Adobe. Details on both are in the bug.
- Also has a patch (up for review) to fix some minor PluginFrame issues in the Direct Drawing case.
- bug 1284897 - 64 bit Flash Player has storage permissions issues
- still wip
- bug 1329328 - 64-bit Firefox on Win10 - Flash Downloads result in OS Permission errors
- looks like bug 1284897
- bug 1307708 - Crash in [...] mozilla::plugins::PPluginModuleChild::CallGetKeyState
- Still no STR but I have an idea to pursue with m_kato
- bug 1312788 - Add console warning and telemetry if service workers are used in the file content process
- "please request approval by setting the feedback flag for the data collection module owner or a peer"? -- feedback bsmedberg
- bug 1306239 - Add pref to toggle OS X sandbox violation debugging, default off
- Some violations are logged even with debug messages turned off. They come from e.g. the appleevents daemon. There seems to be nothing we can do about them.
- haik suggests we default to 'on' for now.
- Patch is r+
- bug 1251202 - Implement Default Audio Device Notifications for NPAPI plugins on Windows
- Adobe just reported an issue with this on 32-bit.
jld
- bug 1326361 - socket audit: did a little experiment, found DBus
- Not yet known: what opened it, what breaks if it's revoked
- bug 1286865 - took
- bug 778201 - reopened to ni? about whether NPAPI using the proxy service can just go away
- wrote up an alternate idea for the bounds checking thing
- Took a look at https://github.com/servo/gaol — interesting; takes different approaches in some cases; probably not useful vs. what we already have
- Doesn't use a broker; instead, depends on namespaces & bind-mounts stuff into a tmpfs
- fork+unshare+fork, and making parent process a subreaper, to spawn into new pid namespace
roundtable
- Media sandboxing discussion from last week: pointed out risks of camera/voice access sharing
sandbox with networking