Re: sccache as ccache

2017-07-26 Thread Alex Gaynor
If you're on macOS, you can also get sccache with `brew install sccache`. Alex On Wed, Jul 26, 2017 at 9:05 AM, Ted Mielczarek wrote: > Yesterday I published sccache 0.2 to crates.io, so you can now `cargo > install sccache` and get the latest version (it'll install to >

Enabling filesystem read-restrictions for content process sandbox

2017-07-06 Thread Alex Gaynor
Hi dev-platform, On behalf of the Runtime Content Isolation (aka sandboxing) team, I'm delighted to announce that starting later this week, our macOS and Windows nightly builds will prohibit read access to most of the filesystem in the content process! What does this mean for you? First and

Re: Running mochitest on packaged builds with the sandbox

2017-05-10 Thread Alex Gaynor
ever, this is still an option > on the table if a dedicated build and the associated costs is justified. > > > > Cheers, > >- Kearwood “Kip” Gilbert > > > > *From: *Alex Gaynor <agay...@mozilla.com> > *Sent: *May 9, 2017 7:58 AM > *To: *Kearwood Kip Gil

Re: Running mochitest on packaged builds with the sandbox

2017-05-10 Thread Alex Gaynor
be considered :-) Cheers, Alex On Tue, May 9, 2017 at 2:25 PM, Gian-Carlo Pascutto <g...@mozilla.com> wrote: > On 08-05-17 19:26, Alex Gaynor wrote: > > Hi dev-platform, > > > > Top-line question: Do you rely on being able to run mochitests from a > > packaged build (`--

Re: Running mochitest on packaged builds with the sandbox

2017-05-09 Thread Alex Gaynor
est failures with sandboxed content processes. :-) > > Thanks, > > Ehsan > > > > On 05/08/2017 01:26 PM, Alex Gaynor wrote: > >> Hi dev-platform, >> >> Top-line question: Do you rely on being able to run mochitests from a >> packaged build (`--appn

Re: Running mochitest on packaged builds with the sandbox

2017-05-09 Thread Alex Gaynor
lightly expanded access to > resources such as files, registry, and pipes required for communication > with Steam. > > > > Are there any plans to make the sandboxing rules configurable at runtime? > > > > Cheers, > >- Kearwood “Kip” Gilbert > > > >

Running mochitest on packaged builds with the sandbox

2017-05-08 Thread Alex Gaynor
Hi dev-platform, Top-line question: Do you rely on being able to run mochitests from a packaged build (`--appname`)? Context: The sandboxing team has been hard at work making the content process sandbox as restrictive as possible. Our latest focus is removing file read permissions from content

Re: Intent to unship: Blocking Top-level Navigations to a data: URI

2017-09-15 Thread Alex Gaynor
You read my mind -- thanks! Alex On Fri, Sep 15, 2017 at 1:16 PM, Christoph Kerschbaumer <ckers...@gmail.com> wrote: > > On Sep 15, 2017, at 7:14 PM, Alex Gaynor <agay...@mozilla.com> wrote: > > Hi Christoph, > > Great stuff! > > Are external applications

Re: Intent to unship: Blocking Top-level Navigations to a data: URI

2017-09-15 Thread Alex Gaynor
Hi Christoph, Great stuff! Are external applications able to trigger loads of data:, e.g. a desktop mail application, via the OS protocol handler facilities? Alex On Fri, Sep 15, 2017 at 1:08 PM, Christoph Kerschbaumer wrote: > Hey Everyone, > > we plan to prevent web

Re: Intent to ship: Treating object subrequests as mixed active content

2017-11-27 Thread Alex Gaynor
How does this behavior compare with other browsers? Alex On Mon, Nov 27, 2017 at 7:47 AM, Jonathan Kingston wrote: > Currently our mixed content blocker implementation treats object > subrequests as mixed passive content. As part of our plan to deprecate > insecure

Re: Visual Studio 2017 coming soon

2017-10-30 Thread Alex Gaynor
I don't know about C++14 specifically, but a good example is C++17's std::string_view, which allows an implicit cast from std::string&& and can very easily lead to UAF: https://github.com/isocpp/CppCoreGuidelines/issues/1038 Alex On Mon, Oct 30, 2017 at 10:52 AM, Simon Sapin

Re: Intent to move Activity Stream into its own process

2018-06-19 Thread Alex Gaynor
Do you have a sense of how this is going to be implemented? Is there going to be specialized code for this, or is it going to be handled by all the general navigation changes for process-switching when you change sites? Alex On Mon, Jun 18, 2018 at 5:02 PM Mike Conley wrote: > > > > I am not

Re: overly strict eslint rules

2018-01-03 Thread Alex Gaynor
On Wed, Jan 3, 2018 at 4:43 AM, Mark Banner wrote: > On 24/12/2017 19:41, Ben Kelly wrote: > >> But I also see rules about cosmetic things like what kind of quotes must >> be >> used for strings. >> AFAICT this kind of rule does not have any tangible safety benefit. Its >>

Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

2018-01-30 Thread Alex Gaynor
Is it practical to be data driven about this? Either by telemetry on how frequently this is used in Firefox, or by Google giving us data on how much of their userbase is migrated? This has the benefit of either a) letting us remove code sooner, or b) ensuring we're aware that we'd be breaking the

Intent to ship: macOS sandbox filesystem write restrictions

2018-02-15 Thread Alex Gaynor
Hi all, Small FYI: With bug 1405088 which landed yesterday, the macOS content process sandbox no longer allows writing to files _anywhere_ on disk. Huge thanks to the folks who helped out with landing the blockers! Going forward if you need the content process to write something to disk, the

Re: mozilla::Hash{Map,Set}

2018-08-16 Thread Alex Gaynor
Would it make sense to consider giving nsTHashtable and PLDHashTable different names? Right now the names suggest that we have 3 general purpose hash tables, but it might be easier if the names better suggested their purpose, e.g. PLDHashTable -> MinimalCodeSizeHashTable (I'm sure we can do better

Re: open socket and read file inside Webrtc

2018-07-05 Thread Alex Gaynor
Can you describe in a bit more detail what you're trying to accomplish? As a general rule, the design of the sandbox is that the content process shouldn't/can't access any system resources, and any resource you need should be provided via IPC to the parent process. alex On Thu, Jul 5, 2018 at

Re: Join the ASan Nightly Project!

2018-07-09 Thread Alex Gaynor
Hey Christian, This is great! I'm super excited. ASAN helps in another way, besides just giving us much better UAF diagnostics: it catches issues besides crashes! It's very common for small buffer overflows to not corrupt things quite enough to crash. Two small questions: 1) Is there a metabug

Re: FYI: sccache 0.2.6 released, contains fix for frequent hang in 0.2.5

2018-03-13 Thread Alex Gaynor
For macOS users this will hopefully be available from brew shortly: https://github.com/Homebrew/homebrew-core/pull/25164 Alex On Tue, Mar 13, 2018 at 9:21 AM, Ted Mielczarek wrote: > Hello, > > Yesterday I tagged and released sccache 0.2.6: >

Re: Coding style: brace initialization syntax

2018-04-13 Thread Alex Gaynor
I don't have an opinion on the style change itself, but I'm a very strong +1 on just picking one and making sure clang-format enforces it. Alex On Fri, Apr 13, 2018 at 9:37 AM, Emilio Cobos Álvarez wrote: > Sorry, I know, coding style thread... But it's Friday and this is

Re: The future of "remote XUL"

2018-03-27 Thread Alex Gaynor
What was the original intended use case for remote XUL, powerful origins controlled by Mozilla, or enabling developers to build their own powerful origins? Alex On Tue, Mar 27, 2018 at 11:36 AM, Boris Zbarsky wrote: > Background: We currently have various provisions for

Re: CPOWs are now almost completely disabled

2018-06-28 Thread Alex Gaynor
Outstanding! I love a good IPC attack surface reduction! Alex On Wed, Jun 27, 2018 at 6:54 PM Tom Schuster wrote: > Since landing bug 1465911 [1], CPOWs [2] are only functional on our testing > infrastructure. In normal builds that we ship to users CPOWs can be > created, but no operations

Re: How to use Phabricator the correct way

2018-12-26 Thread Alex Gaynor
Hi Soren, I'm not sure if this is the "correct" way to use Phabricator, but it is the way I use it successfully :-) I follow basically your steps, except I use them in tandem with the firefox tree hg extension, and hg bookmarks. So my workflow looks like: $ # create a new bookmark to work on $

Re: Intent to implement: implicit ref=noopener for target=_blank on anchor and area elements

2018-11-21 Thread Alex Gaynor
I'm very excited about this -- in my experience very few developers know about the dangers of target=_blank. Do we have any sense of how large the breakage will be, and do we have any docs for developers who are impacted? (I assume rel=opener is the fix?) Yay! Alex On Wed, Nov 21, 2018 at 3:29

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

2019-03-26 Thread Alex Gaynor
On Tue, Mar 26, 2019 at 3:46 PM J.C. Jones wrote: > (Sorry for the delay in replying, had a long-weekend of PTO there) > > On Thu, Mar 21, 2019 at 7:08 AM Henri Sivonen > wrote: > > > On Thu, Mar 14, 2019 at 8:12 PM J.C. Jones wrote: > > > It appears that if we want full security key support

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

2019-03-14 Thread Alex Gaynor
There are a lot of good reasons to oppose this: - This is a very frustrating _expansion_ of non-standard APIs, more than a year after we shipped the W3C standard API - It'll put pressure on other browsers, which were only implementing webauthn, to also support u2f.js - It'll prolong the period of

Intent to ship: Devirtualizing IPC method calls (bug 1512990)

2019-02-04 Thread Alex Gaynor
Hi dev.platform! I wanted to let everyone know about some changes to how C++ IPDL actors are implemented that are currently in the process of being landed (I expect to land them to autoland tomorrow morning). This message will summarize these changes, for complete details see

Re: intent to unship: HPKP (dynamic key pinning)

2019-11-20 Thread alex . gaynor
Hi Dana, One thing I don't see mentioned here is certificate transparency, which, while not a 1:1 replacement, nevertheless strongly contributes to the same goal of control over issuance. Is there a plan to implement SCT verification in Firefox, similar to what Chrome and Apple have shipped?