Security/Sandbox/2017-06-22

« previous week | index | next week »

jld

• Tor Browser 7 vs. sandboxing
  • https://blog.torproject.org/blog/tor-browser-70-released said they had content sandboxing on Linux but they don't
  • But the patches all backport cleanly, so…
  • Filed https://trac.torproject.org/projects/tor/ticket/22692
• Started reviewing the read brokering patch
• Wrote down the Linux sandbox roadmap in the H2 planning doc
  • (maybe I should clean that up and copy it to the public wiki somewhere…)
• Slightly more fun with DRM: bug 1372428
• Wrote the patch for bug 1370578 (extend feature telemetry), got review, but now I have questions…

Alex_Gaynor

• bug 1221148 - Landed: make blob:// URIs work with mozIJSSubScriptLoader
• bug 1374660 - Landed: remove redundant declarations from content sandbox policy on macOS
• bug 1374718 - Landed: Remove strictContentSandbox mochitest flag
• bug 1374557 - New macOS try failures at level 3
• win32k lockdown investigations: starting

gcp

• Bug 1374281
• Bug 1308400 - read brokering - review comments, test failures after cleanups

haik

• bug 1334550 - Proxy moz-extension protocol requests to the parent process
  • Got OK to land from Jim and Kris
  • Honza expecting to get back to me today
• bug 1358090 - Cleanup Mac sandbox policies considering the file content process
  • Cleaning up policies
• bug 1374557 - New OS X try failures with level 3 on task cluster tests

handyman

• bug 1334803 - XFinity login fails due to Flash sandbox
  • diagnosing with kernel debugging
  • hoping for help from MS

bobowen

• bug 1369670 - Blank pages are printed with security.sandbox.content.level set to 3 when Users folder is a junction point
  • Up for review
• bug 1360029 - Crash in TppCallbackCheckThreadAfterCallback
  • Looks like this is down to interaction with third party DLL(s).

roundtable

• Linux telemetry, opt-in vs. opt-out