Security/Sandbox/2018-03-08

From MozillaWiki

tjr

  • bug 1411401 MinGW Build Doesn't Run
    • Thought I could reproduce crashes, then it started running
    • Tried running tests. Zero passed. Need to go back to the drawing board.
  • bug 1425462 Timer Fuzzing landed
    • Followup: Fixed 3 intermittents and a heap out of bounds read
  • Working on Context Seed bug 1440195
    • Almost have it, but I'm initializing NSS too early for xpcshell again...
  • Now that we're close to release, people are concerned about the 2ms timer bump, going to probably have meetings...
  • Met with De Tar to try to put Memory Partitioning and JIT Constant Blinding on their schedule
  • Halved build times (I think) in bug 1443252
  • bug 521435 is the 'Let's use LTO on Linux' bug.
  • I worked on MinGW x64 builds, but have a symbol error here: bug 1443823 if anyone has any suggestions
    • And I filed a bug to add -Wa,-mbig-obj to solve 'too many sections' errors for MinGW x64 bug 1440013

bobowen

  • bug 1441598 - Crash in IPCError-content | PPrintProgressDialog::Msg_CancelledCurrentJob Route error: message sent to unknown actor ID
    • Patch landed - decided not to uplift to release so close, but might ride along on a dot release.

gcp

  • bug 1438394 The fglrx detection from bug 1376910 is sometimes not working.
    • Repro, distro specific, fix on try
  • bug 1438215 Sandbox breaks ATI fglrx driver
    • Not fixable on our side without sandbox disable
  • bug 1420282 MESA-LOADER: failed to retrieve device information
  • bug 1416016 WebGL creation failed on some websites on Linux

jld

  • Audio is broken (if PulseAudio isn't already running and if not remoted)
  • GL is broken (for some hybrid GPU setups)
    • (Still need to update bugs)
    • Plan: broker connect() for pathname (non-abstract) addresses; allow local X and bumblebee
    • Have patch; confirmed with someone who has Primus working that it does in fact fix things
    • Tried getting this stuff to work on a MacBook and a desktop
      • On the MacBook I had trouble getting the kernel to talk to gmux (Apple custom display mux) to use the iGPU
      • (Also you need EFI hacks to do the things you'd do in a PC's BIOS config UI.)
      • On the desktop, monitors aren't a problem, but I still had crashes, *but* late enough to get the policy figured out
    • nvidia is fine; the socket is for stuff we're not doing in content
  • Re bug 1438394 being distro-specific: Debian & Ubuntu have /proc/sys/kernel/unprivileged_userns_clone
    • (Ubuntu defaults to 1 (at least on “desktop” installs), Debian defaults to 0, and people who aren't me probably don't change it.)

Alex_Gaynor

  • bug 1348361 - make spawning new content processes not block the main thread
    • Failing linux tests from last week are fixed
    • Still a handful of failing tests on Android
    • Ask me about all the bugs you run into trying to run tests in the Android emulator (bug 1433279, bug 1443816, ...)

haik

  • bug 1437281 - OSX dragging image to desktop changes OSX File associations
    • Have a fix that uses a sync message
    • Have a fix that doesn't add an IPC message, getting feedback on it
  • bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
    • Should be out for review today
    • Using file-dialog read access extensions--turns out the services needed for this are also needed with global read access allowed.
    • Enable for Nightly in 61

handyman

  • bug 1366256 - NPAPI sandbox level 3
    • camera works but has shutdown issues
  • bug 1427011 - Crash in CAudioSessionControl::QueueStreamSwitch
    • Looks like stale IMMNotificationClient. Probably cubeb.

Roundtable

  • Bug 1440849 - (angle-60) Update ANGLE in 60 - FIXED
  • fuzzing meeting
  • pwn2own next wed -> friday