Security/Sandbox/2017-04-06
From MozillaWiki
bobowen
- bug 1352192 - Crash in mozilla::SandboxBroker::SetSecurityLevelForContentProcess
  - Happening because of the Chromium update and a patch to the Chromium sandbox for another bug.
  - Problem with the update process that sometimes means the old Firefox binary is running with new libraries.
- bug 1329294 - Windows content temp dir not in LocalLow for parent on new profile
  - Realised this was to do with the new profile and the GPU process on a related bug.
  - Fix backed out as my assertion was triggered in the browser refresh test.
  - Waiting for advice from bsmedberg.
- bug 1344465 - Can't submit form using post method from WebExtensions or file:// page
  - Making progress on this, trying to align our behaviour with Chrome's a bit, as far as what pages load in the same process as the file:// URI page.
jld
- WONTFIXed a bunch of B2G stuff (and salvaged or at least commented on some of it)
- Commented on some other bugs
- Found the missing telemetry: “Don't Sanitize”
- Syscalls found:
  - Aurora/amd64: chdir, newfstatat, inotify_init
  - Aurora/i386: msgsnd (SysV message queues)
  - Nightly/amd64: utime, newfstatat, inotify_init
  - Nightly/i386: mknod (maybe mkfifo?)
- …I need to file some bugs.
- Stacks would help; bug 1209131 may be relevant.
- Volume seems to be low, but needs more investigation.
haik
- bug 1334550 - Proxy moz-extension protocol requests to the parent process
  - Got green try run
  - Found a new problem I need to resolve when new content processes start up
Alex_Gaynor
- bug 1348269 - Improved logging if we fail to spawn a sandboxed process on Windows
- bug 1353040 - Moved the macOS sandbox policy from using string interpolation to explicit parameters
Tedd
- Auditing/Static analysis work
roundtable
- 4 weeks into 52 cycle, clean release for OSX level 1 sandbox