Security/Sandbox/2018-02-08

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

tjr

  • bug 1230910 [MinGW] Get sandbox compiled with MinGW - landing last patch today!
  • bug 1235982 [Hardening] Control Flow Guard - landed, need to file/work on followup bugs, couldn't find any crashes
  • WER on symbols:
    • "Today those Stack traces will have failure analysis as "*!unknowns" due to FireFox symbols being unavailable, but we are working to light Symbol publishing path, using which FireFox will able to publish their symbols in DevCenter."
    • I told them we were very interested in that and would be happy to beta test
  • bug 1435296 [Spectre] We want to up timer resolution to 2ms ASAP. Lots of tests fails. CSS Animations are complicated. Think I have this though, trying to land it today.
  • bug 1425462 [Spectre] Timer Fuzzing. Have a path forward.
    • Hardest thing in front of me is turning a LRU Cache into something thread-safe when I have no experience with actually doing that
    • Second hardest is making it performant, but at least this I have lots of ideas to try
  • bug 1430841 [Spectre] Fix Float Fuzziness in ReduceTimerPrecision
    • Still need to work on this
  • Discovered scary CA stuff, we need CT =(

jld

  • bug 1434927 - startup perf regression from network namespace isolation
    • Can't reproduce at all locally (newer kernel, older hardware)
    • gcp can sort of reproduce it, but much smaller effect size (same kernel modulo patches)
    • Eliminated various possible confounders
    • Pattern of regressing tests doesn't entirely make sense -- it's not just a fixed overhead at clone() time; see bug comments.
    • There won't be a “fix”; at best we'll find that some kernel commit optimized some path being used
      • If we can test on an actual test machine with an updated kernel that would distinguish hardware vs. OS
      • Alternately, installing perf(1) on a test machine & getting an interactive login *might* allow finding the part of the kernel where the slowness is
  • bug 1376910 - SysV IPC blocking finally landed
    • Last-minute comment addition to explain the GPU test

Alex_Gaynor

  • bug 1407693 - not creating files in crashreporter is green! but turns out android has a totally different set of code :-(
    • And Android local build instructions are failing on macOS: bug 1436730
  • bug 1435434 - Removing elevatePrivledges from talos so we can delete it once and for all

haik

  • bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
    • Apart from file dialogs, print-to-file, things seem to work as normal
    • Planning to use option-click to disable "safe mode", will send mockups
  • bug 1436566 - [Mac] Land disabled-by-default sandboxing for the Flash NPAPI plugin process
    • Will land it pref'd off in Nightly so Softvision can do some tests next week

bobowen

  • bug 1368268 - Is still happening, slight signature change. :-(
  • bug 1409063 - FF 56.0.1 x64 on W7x64: now creating events in "Microsoft-Windows-Known Folders/ Operational" event log, "Error 0x80070005 occurred while creating known folder" for all known folders, upon each FF startup.
    • Creating patch to remove the OS.Constants.Path attributes that are causing the problem, although I'm not entirely clear why we need these in the content process at all.
  • bug 1435501 - New sec bug.
  • bug 1432381 - Sandbox MinGW Compilation errors: error: narrowing conversion
    • landed this for tor MinGW build.
  • bug 1396984 - Scrollbar becomes black on first connection of second screen
    • looking at kernel debugging

handyman

  • bug 1436253 - PostToDispatchThread concurrency issues
    • Last weeks patch from bug 1433855 was part of the problem but I found others
    • Landed. Waiting for results.
  • bug 1358372 - sndvol.exe shows multiple volume sliders for browser
    • landed
  • bug 1426733 - Enable restricting SIDs in NPAPI proc
    • landed. So far, so good.
  • bug 1307708 - Crash in CallGetKeyState
    • Eyeing this. Should be fixed by bug 1382251

round table

  • graphics meeting with milan