Security/Sandbox/2017-05-25

From MozillaWiki

jld

  • bug 1362601 - My LD_AUDIT proof-of-concept is breaking on Try and I don't know why.
    • Might need to just unblock syscalls for 54 and fix it properly later
    • Or maybe it's not even broken.
    • Action items: find contacts / reach out, and also see if Chromium has had problems
  • bug 1322784 - utime isn't a problem on non-Nightly
    • ORBit is setting mtime and atime to 0 to “hide some information” (but, uh, ctime?)
    • …but ignores the return value.
  • bug 1355273 - inotify fix is on beta
  • bug 1355274 - socketpair workaround is landed; will ask for beta uplift when it's had a few days
  • bug 1303813 - yet more madvise (huge pages); landed
    • Won't uplift; doesn't affect non-beta, since jemalloc ignores failures.
    • And we don't use this on official builds, so losing the optimization isn't hugely important.
  • bug 1361703 - allow epoll_create; reviewed

Alex_Gaynor

  • bug 1363760 - Install specialpowers as a non-temporary addon - blocker for further removing filesystem access
    • Preliminary r+ from addons, need to r? test/build peer
  • bug 1358223 - Hard code lowest allowable content process level
    • Just need to get the telemetry pieces correct. Do people have opinions on using prefs vs. a new item?

haik

  • bug 1334550 - Proxy moz-extension protocol requests to the parent process
    • Addressed Kris's feedback, pushing to address some things in follow-up
    • Got r+ from mayhemer (Necko), still need r+ from Kris
  • bug 1350642 - Remove the PBrowser::Msg_GetTabCount sync IPC
    • Minimal fix probably isn't going to work, looking at more involved fix Ehsan recommended
    • Got a list of people to ask if I need help

bobowen

  • bug 1358497 - Firefox 52.1 ESR has stopped working exception code e06d7363
    • Requested some logging from reporter, as well as testing Beta.
  • bug 1364879 - Local file opened from private window does not open in private window
  • bug 1339105 - Implement Windows Level 3 content process sandbox
    • Landed although I need to remove the limitation of user handles in DEBUG.
  • bug 1358964 - Temp folder is not deleted on exit
    • Picked this up now. Looks like there's a simple fix for this issue, but I need to rethink the clearing up of the directories in general; I'll file another bug.

roundtable

  • WebRTC-via-proxy on Linux, using system proxy config: Is it broken? Would we know if it was?
  • Will sandboxing on Android (Fennec, GeckoView, ???) ever happen, or should we unifdef the Linux sandboxing code?