Security/Sandbox/2017-09-28
From MozillaWiki
haik
- Per-user legacy extension dir issues that might show up on 56/release
- bug 1403669 - [Mac] Per-user and system extensions dir regexes only work for 1-character subdirectory names
- bug 1403744 - [Windows] Whitelist the per-user extensions dir XRE_USER_SYS_EXTENSION_DIR
- Print refactoring
- bug 1328975 - Mac e10s printing needs refactoring, causes sandbox violations to be logged
- bug 1403260 - [Mac] Remove access to print server from content process sandbox
- Printing mostly works; need to debug the document title getting dropped somewhere
- bug 1401756 - [Mac] Remove unneeded mach-lookups from plugin sandbox rules
- Needs 10.9 testing
- bug 1393805 - Changes for bug 1332190 broke temporary installations of legacy addons with framescripts
- Working on patches that cover Win/Mac/Linux, need to test and post for review
- bug 1402205 - Non-existent background page blocks extension startup
- Landed
Alex_Gaynor
- Investigating GPU process for macOS
- Original need for Windows driven by buggy graphics drivers, less of a problem on macOS
- macOS does not allow compositing to a window from any process besides the one that created it, makes having a GPU process harder
- GPU process moves compositing out of parent process, doesn't change content process
- Content process is still using the GPU; what work needs to happen for us to drop access permissions?
- WebGL
- 2D Canvas
- Hardware accelerated video
- Removing excess iokit-open rules
gcp
- bug 1384804 - Broken browser when running under a firejail sandbox
- bug 1382323 - Firefox 54 on Fedora 26 doesn't launch custom protocol handler
- /tmp stuff
- /etc/ld.so.conf reader
- Setting up SuSE and Arch/Manjaro VM, also checking with Intel iGPU
bobowen
- bug 1372823 - Extend BaseThreadInitThunk gatekeeping to support Windows 64-bit
- This got backed out; haven't had a chance to look at it for long. Couldn't reproduce locally.
- bug 1385207 - Audio over RDP connections not working in 56
- This is in the release notes with a link to a support page on how to lower the level.
- bug 1400637 - Crash in mozilla::layers::ImageBridgeChild::InitForContent
- Problem with alternate desktop and AV (particularly Webroot SecureAnywhere).
- Tracked it to the CreateWindowW call in nsAppshell::Init; when it fails we don't get a callback for the window procedure from the NtUserCreateWindowEx syscall.
jld
- bug 1401776 - The continuing adventures of file descriptor limits; commented.
- Also said a thing about sandboxing on bug 1389812.
- bug 1401666 - “slow webgl performance” — figured out what was going on (probably)
- It's about Mesa figuring out the GPU's userland driver name via its PCI vendor/device IDs, and Ubuntu having “backport” (bpo) drivers with odd names
- Mesa 12: libudev (blocked by sandbox) vs. sysfs (not enabled!) vs. libdrm (hardcoded list is broken for Ubuntu's i915_bpo)
- so, ignores PCI IDs & uses kernel driver name, but “i915_bpo” is wrong
- Mesa 13: libdrm to get PCI IDs directly, no hardcoded kernel driver names
- Local “repro”: interpose drmGetVersion() to overwrite the driver name with XXXXXX.
- Idea for fix: walk /dev/dri & allow what libudev is doing for each device.
- Hope GPU hotplug isn't a thing or isn't relevant to us
- Could also try to intercept the library or system call & strip "_bpo", but that seems more fragile.
- We'll need this for 57
- bug 1403645 (security bug)
- bug 1402133 - Building with MOZ_SANDBOX but not MOZ_GMP_SANDBOX has been broken on Linux since forever
- Also I've been talking about --{en,dis}able-gmp-sandbox for years but it never existed. And I'm the one who added MOZ_GMP_SANDBOX. Oops.
- So I'm feeling more positive towards bug 1375863 (collapse everything into MOZ_SANDBOX)
- tl;dr: One-line patch, also Gentoo is doing something they probably shouldn't.
handyman
- bug 1382251 - Brokering https in NPAPI process
- Started actor work.
- bug 1400169 - Crash in CallHookWithSEH
- Verified some of the theories. Adam is talking to Immunet AV.
- bug 1403707 - Turn on JOB_LOCKDOWN in content proc
- Ready
- bug 1339259 - Crash in AudioSession::OnSessionDisconnectedInternal
- Looks like a refcount issue on our IAudioSessionEvents singleton. We aren't properly considering UnregisterAudioSessionNotification. Trying to get this in today.
Round table
- Q4 OKRs
- The X41 browser security whitepaper talks about sandboxing issues
- Including WebGL remoting (touching on some of the same issues we were talking about while I was typing this)
- https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf
- WebGL section starts on p. 102; they like Chrome better than Edge but don't see Chrome's approach as ideal
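Added illustration of the fix idea in jld's bug 1401666 notes above ("walk /dev/dri & allow what libudev is doing for each device"). This is not Mozilla code and not the patch that landed; it only shows what a broker allow-list would need to contain. On Linux, libudev finds a character device's sysfs entry at /sys/dev/char/MAJOR:MINOR and reads the PCI vendor/device IDs from the device/vendor and device/device attributes under it, which is what Mesa's loader asks libudev for. The program walks /dev/dri, derives those sysfs paths for each node, and reads the IDs, so a sandbox file broker could be handed exactly these paths instead of the content process needing general libudev access. Helper names and the dri_dev struct are my own; the "0x8086" attribute format is the kernel's. If /dev/dri is absent (e.g. in a container) the walk returns zero devices rather than failing.

```c
/* Added illustration, not Mozilla code: resolve each /dev/dri node to the
 * sysfs entries libudev reads to learn its PCI vendor/device IDs, so a file
 * broker policy could allow exactly those paths. Helper names are my own. */
#define _GNU_SOURCE
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>

#define MAX_DRI 16

struct dri_dev {
    char node[PATH_MAX];    /* e.g. /dev/dri/card0 or /dev/dri/renderD128 */
    char sysdev[PATH_MAX];  /* /sys/dev/char/MAJ:MIN, the path libudev opens */
    char canon[PATH_MAX];   /* realpath() of sysdev, in case a policy canonicalizes */
    long vendor, device;    /* PCI IDs from sysdev/device/{vendor,device}, -1 if unreadable */
};

/* libudev locates a char device's sysfs entry by its major:minor number. */
int sysfs_char_path(dev_t rdev, char *out, size_t n)
{
    int r = snprintf(out, n, "/sys/dev/char/%u:%u", major(rdev), minor(rdev));
    return (r > 0 && (size_t)r < n) ? 0 : -1;
}

/* sysfs vendor/device attributes read as "0x8086\n"; returns -1 on garbage. */
long parse_sysfs_hex(const char *s)
{
    char *end;
    unsigned long v = strtoul(s, &end, 16);
    if (end == s || (*end != '\0' && *end != '\n')) return -1;
    return (long)v;
}

/* Read one PCI attribute of the device behind a DRM sysfs entry. */
static long read_pci_attr(const char *sysdev, const char *attr)
{
    char path[PATH_MAX + 32], buf[32];
    FILE *f;
    long v;
    snprintf(path, sizeof path, "%s/device/%s", sysdev, attr);
    f = fopen(path, "r");
    if (!f) return -1;
    v = fgets(buf, sizeof buf, f) ? parse_sysfs_hex(buf) : -1;
    fclose(f);
    return v;
}

/* Walk /dev/dri and fill devs; returns the count, 0 if there is no DRI at all
 * (e.g. in a container), so callers can still build their allow-list. */
int enumerate_dri(struct dri_dev *devs, int max)
{
    DIR *d = opendir("/dev/dri");
    struct dirent *e;
    int n = 0;
    if (!d) return 0;
    while (n < max && (e = readdir(d)) != NULL) {
        struct stat st;
        struct dri_dev *dd = &devs[n];
        if (e->d_name[0] == '.') continue;
        if (snprintf(dd->node, sizeof dd->node, "/dev/dri/%s", e->d_name) >= (int)sizeof dd->node)
            continue;
        /* Skip non-device entries such as the by-path/ directory. */
        if (stat(dd->node, &st) != 0 || !S_ISCHR(st.st_mode)) continue;
        if (sysfs_char_path(st.st_rdev, dd->sysdev, sizeof dd->sysdev) != 0) continue;
        if (!realpath(dd->sysdev, dd->canon)) strcpy(dd->canon, dd->sysdev);
        dd->vendor = read_pci_attr(dd->sysdev, "vendor");
        dd->device = read_pci_attr(dd->sysdev, "device");
        n++;
    }
    closedir(d);
    return n;
}

int main(void)
{
    struct dri_dev devs[MAX_DRI];
    int i, n = enumerate_dri(devs, MAX_DRI);
    for (i = 0; i < n; i++)
        printf("%s -> allow %s (%s) vendor=0x%lx device=0x%lx\n",
               devs[i].node, devs[i].sysdev, devs[i].canon, devs[i].vendor, devs[i].device);
    return 0;
}
```

The list of sysdev/canon paths is what the content process's file broker would have to allow read access to for Mesa's libudev path to work; enumerating at startup is why jld's note hopes GPU hotplug is not relevant, since a device added later would not be in the list.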