Security/Sandbox/2018-01-25

From MozillaWiki

Alex_Gaynor

  • bug 1428055 - Removed access to macOS sandbox properties that are on-by-default. Landed, no awful fallout (yet).
    • Sent a PI request for additional QA on a variety of hardware
  • bug 1432811 - Small code cleanup to GeckoChildProcessHost
  • bug 1426807 - Landed fix for a11y + printing, huge thanks to :jwatt for figuring out the fix
  • bug 1407693 - CrashReporter file writing, tracked down one of the failing tests finally. Caused by different code paths for sandboxing vs. non-sandboxed process spawning + xpcshell not using the sandbox.
  • Heard back from Apple about the security report on (deny dynamic-code-generation) I sent them. They said it's not a bug, so I'll probably do a post (on my personal blog) at some point comparing this with MS's Arbitrary Code Guard.

gcp


bobowen

  • bug 1423628 - Stop processing native events in the content process
    • bug 1396984 - Scrollbar becomes black on first connection of second screen
      • Trying to pass down correct DPI to child process.
    • bug 1430744 - Stop processing native events in the content process on Windows in Nightly
      • Landed
  • Lots of reviews
  • Probably breaking release with the aid of some AVs.

handyman

  • bug 1382251 - Brokering https in NPAPI process
  • bug 1429643 - Limit SSL brokering to 64-bit
  • bug 1430586 - Intermittent crash @ Checker::StartReadOp
    • fixed new mingw + perma-orange issues blocking landing
  • bug 1358372 - sndvol.exe shows multiple volume sliders for browser
    • Attempt to dispatch to main at shutdown
    • Also, MS is apparently working on it
  • bug 1415160 - Set process mitigations on NPAPI proc
    • Getting started with Japanese IME
  • Updates to graphics doc

haik

  • bug 1393259 - [Mac] Remote access to fonts from custom directories, font managers
    • did some more tests and landed on Nightly
  • bug 1432567 - [Mac] Add a test that renders fonts from non-standard directories
    • Got python code working to register/unregister font
  • Needinfos
  • bug 1417005 - [Mac] Allow disabling sandboxing
    • 1-line change to make Mac respect MOZ_DISABLE_GMP_SANDBOX
  • Sandboxing Flash plugin process on Mac

tjr

  • **This Week:**
  • Triaged ~200 [tor] and [fingerprinting] bugs.
  • bug 1230910 - [MinGW] Working on uplifting the MinGW Sandbox patches with bobowen, going quick!
  • bug 1432213 - [MinGW] Fix MinGW build on Beta branch
  • bug 1432009, bug 1432668 - [MinGW] Fix two MinGW perma-fails and messed up David :)
  • bug 1409973 - [Fingerprinting] Add tests for Locale/Timezone JS Date Formatting in Resist Fingerprinting Mode. Blocked on bug 1358653
  • bug 1425462 - [Spectre] Longstanding work on Timer Fuzzing, moving steadily but slowly =/
  • bug 1431842 - [Spectre] Fix intermittent (maybe?) for timer rounding
  • **Rest/Next Week**
  • bug Something - Investigate /d2guardswtablesuppress (thanks gcp)
  • bug 1425462 - [Spectre] More Timer Fuzzing
  • bug 1230910 - [MinGW] Finish up the MinGW Sandbox stuff
  • bug 1418162 - [Fingerprinting] Fix the ESR detection/version spoofing
  • bug 1336208 - [Fingerprinting] Pick up font bug, see if I can carry it across finish line
  • bug 1235982 - [Hardening] Hopefully work on Control Flow Guard
  • bug 1376819 - [Hardening] Hopefully look into JIT Constant Blinding
  • More P1 fingerprinting bugs
  • Need to update spreadsheet for Jim
  • If anyone is interested in: Private Mac Graphics APIs, Ancient Bugs, and Massive User Experience Annoyances, bug 440895 has had some recent interest.
    • Comment from irc: There's one more hunch regarding SkyLight.framework that I'm investigating atm, but I'm not very hopeful that I'll find the solution in there either.

jld

  • The patches I've been talking about for months are finally landing in 60.
  • Landed:
    • bug 1401062 - clone(), as mentioned last week
    • bug 1430756 - stop testing for unshare(); was causing assertion failure with containers' external sandboxing
    • bug 1126437 - blocking socket/connect in content
      • This is the important one — raises the bar for sandbox escapes.
      • Potential problem: Nvidia GL has an extra connection to the X server, which is now blocked, but this doesn't seem to affect performance.
      • Sandbox level 4 now exists for this. Level is capped at 3 on Linux if audio remoting is turned off.
      • Probably "fixes" any remaining bind() issues, because they'll quietly fail to socket() instead.
      • Any surprise DBus calls will also start breaking now.
    • bug 1386019 - misc audio stuff that content doesn't need anymore
  • Almost landed:
    • bug 1430949 - Network namespace
      • Yak shaving for detecting "remote" X, which includes TCP to localhost.
      • I learned some new things about X11 display names.
    • bug 1213998 - chroot; literally one line
  • Wrote:
    • bug 1376910 - The Revenge of SysV IPC Blocking
      • Did telemetry queries to try to figure out how to detect fglrx; actual testing would be nice but I don't have hardware

Roundtable