Security/Sandbox/2018-01-04

« previous week | index | next week »

haik

• bug 1404298 - Crashes with read-access content sandboxing triggered by mounted volumes
  • Uplifted to Beta
• bug 1421262 - Firefox renders garbage viewing PDFs or Google Docs with nVidia driver
  • Landed on Nightly
  • Filed related bug 1427827 - [Mac] Downloadable Nvidia drivers shader caching blocked by content sandbox
• bug 1393259 - [Mac] Remote access to fonts from custom directories, font managers
  • Prototype using sandbox extensions is working

gcp

• clang builds on windows for bug 1297740

bobowen

• bug 1423628 - Stop processing native events in the content process
  • bug 1395536 no longer a blocker can be reproduced with or without pref
  • bug 1396984 still investigating
  • Looked into turning on just for Mac and Linux bug 1426100, but seems to cause regressions on Talos
• bug 1421944 - Webrtc microphone input broken in Windows Insider Preview Build 17046
  • Looks like Microsoft have a fix for this

Alex_Gaynor

• bug 1381050 - Arbitrary Code Guard - initial design document written and feedback from the JIT team incorporated
• bug 1428055 - Block some secret macOS sandbox rules
  • Works ok
  • Might be a macOS bug related to one of them
• bug 1426807 - Print IPC regression with a11y, need to figure out how to get a copy of these

jld

• The clone/chroot/network stuff is pretty much ready
  • bug 1401062, bug 1213998, bug 1126437, …
• Got info on bug 1421201 but now it makes even less sense
  • sendmsg should be succeeding, but the child never gets it

handyman

• Brainstorming removing graphics from content
  • Turned out the idea mimics Chromiums...
  • https://docs.google.com/document/d/1dVXanL94LnfWFx5IByGplZBj5Waa2meBeEYugkP436c/edit?usp=sharing