Security/Sandbox/2018-03-29

« previous week | index | next week »

jld

• (Out sick late last week.)
• bug 1439057 - Blocking /dev/shm: have reviews, but found an annoying bug
  • open+unlink can have the sandbox turned on between those calls
  • The oldest one-syscall alternative is O_TMPFILE, in 3.11. Which is too new.
  • So… pass the broker fd across exec, maybe?
• BTW the Ubuntu 3.2 kernel series (feat. backported seccomp-bpf) is still supported:
  • https://insights.ubuntu.com/2017/03/14/introducing-ubuntu-12-04-esm-extended-security-maintenance
  • https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Ubuntu_12.04_LTS_Extended_Security_Maintenance
  • The kernel version that'd really help is 3.17 (seccomp tsync and memfd_create); for Ubuntu that needs 12.04 and 14.04 to go away.
    • If they don't do 14.04 ESM, that's ~13 months from today….
• bug 1443078 - Firefox 60 breaks running as root in a non-root session, which we didn't support
  • See also bug 1323302 and its dependencies
  • I'll probably take bug 1323302 and try to get it uplifted to 60.
• Trying to help triage / analyze IPC fuzzing bugs

gcp

• bug 1434711 WebGL causes a crash with the AMDGPU-PRO video driver
  • Some progress. Crash due to lack of access to marketing names and different MESA behavior in /sys/
• Reviews

tjr

• [Spectre] Timer Stuff
  • Reduced to 100 us, but might increase to 500 us. VR won't be happy!
  • Intermittents - working on one in particular, but can't repro it on try
  • bug 1436778 Can't reproduce UBSAN issue. MOZ_LOG output?
    • Go look at debug_print_error and ns_warning
• bug 1446466 Landed JS Allocator compartment - will uplift to beta next monday
• Backlog
  • bug 1378552 Audited usages of NullPrincipal::Create - Done
• Third Party Lib Audit Bugs
  • bug 1449244 Remove SphinxBase - Done
  • bug 1448010 Remove some unused SAXXML methods - Done
• Tor Bugs
  • bug 1397757 Learn More link for Canvas (Tiny) - checking in
  • bug 1447592 Don't reset privacy.spoof_english when privacy.resistFingerprinting is flipped back to false (Tiny) - checking in
  • bug 1337157 privacy.resistFingerprinting should disable WEBGL_debug_renderer_info (Tiny) - for review
  • bug 1397624 Make First Party Isolation able to be Private Browsing Mode Only (Medium) - good progress
  • One of the tor folks is working on removing /proc access - I told him to come to #boxing and talk to Jed
    • → https://trac.torproject.org/projects/tor/ticket/20283#comment:10 Okay great :)
• Got web crawl data from Steve Englehardt, going to clear up space and query it for Canvas stuff
• bug 1434316 Big Project: MinGW x64 Build
  • Got it compiling last night, need to resolve some debug build issues, then debug why it segfaults
  • Also need to clean up patches and back port bug 1429875 to ensure that didn't break stuff

Alex_Gaynor

• IPC fuzzing with libFuzzer
  • Working prototype
  • Leaks a ton of memory and spews millions of warning log messages -- need to resolve these to figure out if it works
  • bug 1449679 - First in a probably series of patches to make fuzzing more effective
• Triaged a bunch of IPC sec bugs

haik

• bug 1437281 - OSX dragging image to desktop changes OSX File associations
  • Landed, realized I broke Windows, backed out, have new Mac-specific fix out for review
• 1433577 bug 1433577 - [Mac] Enable sandboxing for the Flash NPAPI plugin process
  • Trying to get print dialog "Open in Preview" to work
    • Can't get it to work so far, probably have to live without
    • MSessionEndDocumentNoDialog() returned -10822 (problem communicating with Launch Services)
    • Print to PDF on Windows doesn't work for me
  • About ready to turn on by default on Nightly only

handyman

• bug 1366256 - NPAPI sandbox level 3
  • need to debug on a loaner
• bug 1436972 - Crash in CLockedList::ForEachEntry
• bug 1449388 - Crash in CLockedList::ForEachEntry in plugin process
  • Bug 1436972 wasn't the issue (but was an issue).
  • I think this is fallout from the restricting SIDs work. Also broke Flash audio device change detection. From the APIs involved, I think they are related.
    • Flash stopped using NPPVpluginRequiresAudioDeviceChanges and returned to IMMDeviceEnumerator (are we sure they ever switched?).
• bug 1445471 - Crash in EndpointHandler::Copy
  • still only one crash. Backburnered.

Round Table

• Q2 2018 OKRs - I've started on this, please fill in additional objectives/results or edit existing and we'll discuss.
  • https://docs.google.com/document/d/1Xkff7fF_1IGWQNCH2oUcSWdsZ2HK012pDx-XJ_sBqxI/edit#heading=h.izxl9crev30e
• WebGL remoting discussion today with Milan and Jeff (3:30pm eastern, Jim's Vidyo)
• add jed, haik,