Security/Sandbox/2017-04-06

From MozillaWiki

bobowen

  • bug 1352192 - Crash in mozilla::SandboxBroker::SetSecurityLevelForContentProcess
    • Happening because of chromium update and patch to chromium sandbox for other bug.
    • Problem with the update process that sometimes means the old Firefox binary is running with new libraries.
  • bug 1329294 - Windows content temp dir not in LocalLow for parent on new profile
    • Realised this was to do with new profile and the GPU process on related bug.
    • Fix backed out as my assertion was triggered in browser refresh test.
    • Waiting for advice from bsmedberg.
  • bug 1344465 - Can't submit form using post method from WebExtensions or file:// page
    • Making progress on this, trying to align our behaviour with Chrome's a bit, as far as what pages load in the same process as the file:// URI page.

jld

  • WONTFIXed a bunch of B2G stuff (and salvaged or at least commented on some of it)
  • Commented on some other bugs
  • Found the missing telemetry: “Don't Sanitize”
    • Syscalls found:
      • Aurora/amd64: chdir, newfstatat, inotify_init
      • Aurora/i386: msgsnd (SysV message queues)
      • Nightly/amd64: utime, newfstatat, inotify_init
      • Nightly/i386: mknod (maybe mkfifo?)
    • …I need to file some bugs.
    • Stacks would help; bug 1209131 may be relevant.
    • Volume seems to be low, but needs more investigation.

haik

  • bug 1334550 - Proxy moz-extension protocol requests to the parent process
    • Got green try run
    • Found a new problem that needs to be resolved when new content processes start up

Alex_Gaynor

  • bug 1348269 - Improved logging if we fail to spawn a sandboxed process on Windows
  • bug 1353040 - Moved the macOS sandbox policy from using string interpolation to explicit parameters

Tedd

  • Auditing/Static analysis work

roundtable

  • 4 weeks into 52 cycle, clean release for OSX level 1 sandbox