Security/Sandbox/2017-05-25
From MozillaWiki
« previous week | index | next week »
Contents
jld
- bug 1362601 - My LD_AUDIT proof-of-concept is breaking on Try and I don't know why.
- Might need to just unblock syscalls for 54 and fix it properly later
- Or maybe it's not even broken.
- Action items: find contacts / reach out, and also see if Chromium has had problems
- bug 1322784 - utime isn't a problem on non-Nightly
- ORBit is setting mtime and atime to 0 to “hide some information” (but, uh, ctime?)
- …but ignores the return value.
- bug 1355273 - inotify fix is on beta
- bug 1355274 - socketpair workaround is landed; will ask for beta uplift when it's had a few days
- bug 1303813 - yet more madvise (huge pages); landed
- Won't uplift; doesn't affect non-beta, since jemalloc ignores failures.
- And we don't use this on official builds, so losing the optimization isn't hugely important.
- bug 1361703 - allow epoll_create; reviewed
Alex_Gaynor
- bug 1363760 - Install specialpowers as a non-temporary addon - blocker for further removing filesystem access
- Preliminary r+ from addons, need to r? test/build peer
- bug 1358223 - Hard code lowest allowable content process level
- Just need to get the telemetry pieces correct. Do people have opinions on using prefs vs. a new item?
haik
- bug 1334550 - Proxy moz-extension protocol requests to the parent process
- Addressed Kris's feedback, pushing to address some things in follow-up
- Got r+ from mayhemer (Necko), still need r+ from Kris
- bug 1350642 - Remove the PBrowser::Msg_GetTabCount sync IPC
- Minimal fix probably isn't going to work, looking at more involved fix Ehsan recommended
- Got a list of people to ask if I need help
bobowen
- bug 1358497 - Firefox 52.1 ESR has stopped working exception code e06d7363
- Requested some logging from reporter, as well as testing Beta.
- bug 1364879 - Local file opened from private window does not open in private window
- Fixed by bug bug 1351358
- bug 1339105 - Implement Windows Level 3 content process sandbox
- Landed although I need to remove the limitation of user handles in DEBUG.
- bug 1358964 - Temp folder is not deleted on exit
- Picked this up now, looks like there's a simple fix for this issue, but I need to rethink the clearing up of the directories in general, I'll file another bug.
roundtable
- WebRTC-via-proxy on Linux, using system proxy config: Is it broken? Would we know if it was?
- Will sandboxing on Android (Fennec, GeckoView, ???) ever happen, or should we unifdef the Linux sandboxing code?