Security/Sandbox/2017-04-27

From MozillaWiki

haik

bobowen

  • bug 1360029 - Crash in TppCallbackCheckThreadAfterCallback
    • Low level crash - looks like this is the sandbox.
    • Haven't tried to reproduce yet (Windows profile on network drive).
    • Asked for mozregression as seems to be fixed in Nightly.
  • bug 1332122 - Navigating to file:// URLs times out in Marionette if loaded in an al
    • Just come up; seems to be remote process switching related.
  • bug 1358964 - Temp folder is not deleted on exit -> dparks
    • Problem when using profile manager and GPU on Fx55, we now create content temp, but don't delete it.
  • bug 1336657 - Firefox 51.0.1 prints only blank pages
    • Looks like some people still don't have write access to their LocalLow dir.
    • Waiting for logging from user, might just need to add in a rule as a catch-all.
  • bug 1359021 - [e10s] Named popup window is opened in duplicate when open it from file: protocol
  • bug 1351358 - Can't submit form to http(s) URL using POST method from a file:// page
    • After a bit of a fight with session history this is pretty much there.
  • bug 1347921 - php _post sometimes blank

handyman

  • bug 1357489 - Flash on Windows save file dialog permissions issue
    • Originally fixed in bug 1284897 -- which is also rebusted
    • Looks like the DLL Interceptor failing to hook methods.
  • bug 1347710 - GPU Sandbox
    • no longer uplifting
    • Breaks WebVR drivers

gcp

  • Bug 1308400 - Construct a file broker policy for default-deny read access on the Linux Desktop
  • Patches up, need review (tricky cases with relative paths?), yellow on try, investigating
  • Some of the yellow is xpcshell tests
  • WebRTC team wants to use epoll syscalls. Checked Chrome, seems ok there. Maybe review other rules against Chrome (and syscall arg restrictions)
    • See also bug 1343699, “Consider using poll() instead of libevent” (IPC)

Alex_Gaynor

  • bug 1358223 - Hardcode the lowest allowed sandbox level to 1 (Yay!)
    • Initial patch done, need to go through :bobowen's review
  • bug 1357846 - Failing test at sandbox level 3
    • Fix developed, checkin-needed!
  • bug 1360223 - Another failing test at level 3

jld

  • bug 1358647 - bind/listen/accept removal - is landing
    • This means bug 1358652 (xpcshell using sandboxing), or forcing a non-zero minimum in Gecko, will burn the httpd.js tests
  • DBus
    • The WakeLockListener thing might have an easy solution and is now bug 1360069
      • jimm suggests comparing gtk+ wakelocks with other platforms; there's some disparity that might be significant
    • Others… not sure. ELF interposition isn't working (versioning? lazy loading? both?)
      • Note that it's used indirectly, e.g. via libatspi
    • xpcshell tests seem to have more problems, which, ???
      • But they don't cause test failure, just warnings.
  • Fought the crash reporter for xpcshell test failures
    • Turns out a minidump_stackwalk from 2015 gets a little confused by modern symbols, so local “repro” wasn't.
    • Actual problem: CI seems to not be doing symbols right for xpcshell
      • I should file a bug.
    • (Actual crash cause: nullptr->Release(). This is why we have StaticRefPtr.)
      • (I could wonder why the shutdown crash was only an error for xpcshell...)

roundtable

  • WebExtension native messaging clients don't come down with extensions, they have to be installed by a 3rd party installer
  • <input type="file"> file access happens in the child process
  • Changes in bug 1358223 make me think we should possibly have some sort of central SandboxSettings/SandboxConfiguration/SandboxPolicy class that held this logic, instead of it being spread throughout the code. Maybe this could be cross-platform.
  • Bug 1359460 - WebVR does not present
    • GPU sandbox regression
  • getting 'security.sandbox.logging.enabled' working for all child process types
    • (logging and the GPU process)
  • read restrictions test planning
  • Spreadsheet with Chromium seccomp vs Firefox seccomp: