Security/Sandbox/2017-12-07

From MozillaWiki


bobowen

  • bug 1423296 - Firefox never fully starts when launched from network drive on Windows
    • Caused by MITIGATION_IMAGE_LOAD_NO_LOW_LABEL - patch up for review.
  • bug 1422053 - LaunchApp failure calls ClearOnShutdown off main thread
    • Landed - need to request uplift to Beta.
  • bug 1423644 - Don't create the nsAppShell hidden message window, when not using native event processing.
    • On inbound - hopefully this will finally mean we can use the Alternate Desktop, once we get rid of native event processing.
  • bug 1395187 - It seems that it takes a long time to start the browser since Bug 1384336 landed
    • On inbound - blocker for turning off native event processing, found flag that means we never show the waiting flag for the launched child.
  • bug 1423628 - Stop processing native events in the content process

gcp

  • bug 1257276 - Allow specification of environment variables when creating child processes
  • And the cascade of related bugs
  • patch is r+
  • I think I need to support the non-sandboxed case too though?
  • link issues with 2x chromium code (prolly because win is using a separate static lib..) BASE_EXPORT/SANDBOX_EXPORT?

haik

  • bug 1393259 - [Mac] Remote access to fonts from custom directories, font managers
    • Top-level protocol version is working
    • Remoting font API doesn't work for multi-face font files (CGFontCreateWithDataProvider())
    • Did some experiments with CTFontManagerRegisterFontsForURL()
  • bug 1421957 - [mac] "Open in Preview" sometimes triggers a "Load the following paper into the rear tray" popup then fails
    • Possible regression of bug 1403260 - [Mac] Remove access to print server from content process sandbox

Alex_Gaynor

  • bug 1407693 - don't create files in crashreporter; revised for gsvelto's review
  • bug 1414834 - re-land print IPC changes; landed!
  • Disallow ParamTraits implementations for enums, require use of ContiguousEnumSerializer
    • Fixed a few existing implementations
    • Static analysis landed
  • Out of Process JIT research
    • Reviewing Chakra implementation
    • Need to threat model exactly what level of attacker control the remote API needs to be resilient to
    • Preparing for meeting with the SM team next week!

jld

  • Upgrading my OS to try to get Vidyo to work broke Firefox… but only debug builds.
    • bug 1422907. Turned out to be compiler-version-dependent (maybe compiler bug, maybe UB that will bite us later)
    • GCC 7.2.0 is bad, GCC 7.2.1 works
      • Fortunately, Debian uploaded 7.2.1 on Tuesday
    • Also ran into bug 1423684 trying to find a “good” revision to bisect that
      • (There probably is no “good” revision.)
  • Reviews (mostly the env var thing)
  • bug 1401062 - Did the pref thing, then realized it's not worth the code complexity
    • Content: currently we're not using namespaces, so existing sandbox level prefs would suffice
    • GMP: can use MOZ_ASSUME_USER_NS=0 to troubleshoot, but weakens sandbox
      • So if we would “pref off” on release, instead back out the patches. But release isn't until March, so probably won't happen.
    • (I should write this up with more words in the bug.)
    • The longjmp approach seems to be working
      • …but, speaking of IPC Chromium vs. Sandbox Chromium, if we could use modern Chromium base/process/launch then there'd be a little less rewritten code here

handyman

  • bug 1382251 - Brokering https in NPAPI process
    • Passed Adobe's tests. They will announce the Nightly change to their beta forums.
    • Finishing reviews. Had to add HttpSendRequestExA.
  • bug 1415162 - Set USER_LIMITED on NPAPI proc
  • bug 1415160 - Set process mitigations on NPAPI proc
    • The old STRICT_HANDLEs issue (Amazon Instant Video) no longer exists but I found other issues.
  • bug 1421944 - Cubeb audio device notification failure
    • Can fix with (Un)RegisterEndpointNotificationCallback brokering or by changing cubeb source
  • bug 1419611 - Flash print-to-file
    • Was a known issue

Roundtable

  • complaints related to the RDP audio issue
    • broken by level 3
  • Progress on WebRTC audio device access: bug 1397793 landed, unblocking bug 1394163.