PR_GetNumberOfProcessors opens /sys/devices/system/cpu/present in content processes

NEW
Unassigned

Status

()

P3
normal
5 years ago
2 years ago

People

(Reporter: jld, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: sb+)

In nsprpub/pr/src/misc/prsystem.c:

    221     const char *cpu_present = "/sys/devices/system/cpu/present";
    224     fin = fopen(cpu_present, "r");
Bionic also opens this file for sysconf(_SC_NPROCESSORS_CONF) and sysconf(_SC_NPROCESSORS_ONLN).
OS: Linux → Gonk (Firefox OS)
Hardware: x86_64 → All
Move process sandboxing bugs to the new Bugzilla component.

(Sorry for the bugspam; filter on 3c21328c-8cfb-4819-9d88-f6e965067350.)
Component: Security → Security: Process Sandboxing
Sorry for the bugspam; filter on 086f2ac3-ac15-4299-889b-009181af5029.
Blocks: 1121295
Sorry for the bugspam; filter on 086f2ac3-ac15-4299-889b-009181af5029.
No longer blocks: 930258

Updated

3 years ago
Whiteboard: sb+
From the code referenced in comment #0, this could also affect desktop Linux (once we can get to a default-deny read policy and start pruning what's left).
OS: Gonk (Firefox OS) → Linux
Further notes: NSPR will fall back to sysconf(_SC_NPROCESSORS_CONF) if it gets an error from opening the sysfs file, but that just moves the problem down a layer.  glibc tries readdir() on /sys/devices/system/cpu, then falls back to parsing /proc/cpuinfo if that fails, then just returns 1 if that fails.  musl libc calls sched_getaffinity (and returns how many CPUs the process can actually use, rather than how many the hardware has); we currently allow that syscall for content processes, and it's not that dangerous.

Updated

2 years ago
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.