Security/Sandbox/2018-02-22

From MozillaWiki
Jump to: navigation, search

« previous week | index | next week »

tjr

  • MinGW
    • bug 1439365 Add Opt Build
    • bug 1411401 Trying to figure out why the MinGW build doesn't run. Sandbox is causing an issue. Maybe Bob can help :)
    • bug 1434316 x64 MinGW Build. Current error: bug 1440013: undefined reference to `__imp_mozalloc_abort'
  • Float Stuff
    • bug 1438953 - Fixing epsilon due to double imprecision
    • {Bug|1430173}} - ESR Patch for 2ms
    • {Bug|1425462}} - Timer Jittering
  • Fingerprinting
    • bug 1435329 Fixup a hash key calculation
    • bug 1418162 Fix ESR detection
    • bug 1376865 Improve Canvas Permission prompt - currently blocked on BrowserTestUtils.synthesizeMouse not working. Anyone work with this before?

gcp

  • bug 1438215 - Sandbox breaks ATI fglrx driver
    • getppid seems to be involved, but still seeing crashes with no useful log/trace
  • Reviews in other components
  • Some words with data/sync people about IPC replacements


haik

  • bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
    • Lock down process more
      • Some services can be removed
      • Changed the temp dir to be a flash-specific subdir of $TMPDIR instead
    • Got file dialog to work without read access
      • Requires adding services that let you read files via sandbox extensions
      • Security implications
    • Can't get Print "Open in Preview" to work
    • Research/debugging/grunt work

jld

  • bug 1440206 - filed bug for brokering connect()
    • Because GPU drivers.
  • Shared memory (mostly IPC)
    • bug 1439057 - filed bug to remove full /dev/shm access
    • bug 1440203 - filed bug separate bug to use memfd_create
      • Can't depend on it, so it's just an optimization
      • Should "fix" bug 1245239 on newer kernels because memfds aren't subject to FS sizes/quotas/etc.
    • bug 1440199 - removing named shared memory (& other dead code) from IPC; have patches
  • Process launch fd/handle passing
    • Was reviewing/advising on bug 1438678 (prefs via shared memory) and the "user story" here is… not fun.
    • bug 1440207 - filed bug with observations and vague ideas
    • bug 1438389 - handling chown(); simple; landed

Alex_Gaynor

  • bug 1348361 - make spawning new content processes not block
    • Working on diagnosing the performance problems. Was not where I expected.
    • bug 1440019 - split some changes out that could be landed separately to make it easier to review
  • bug 1440034 - regression from the crashreporter patch that Jed caught
    • Should be ready to land today

Roundtable

  • WebGL remoting?
    • jeff muizelaar would look at it next release cycle