Closed
Bug 1126437
Opened 10 years ago
Closed 7 years ago
Remove socket creation/connect from Desktop Linux content processes
Categories
(Core :: Security: Process Sandboxing, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla60
| Tracking | Status | |
|---|---|---|
| firefox60 | --- | fixed |
People
(Reporter: jld, Assigned: jld)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Whiteboard: sb+)
Attachments
(2 files, 1 obsolete file)
The other half of bug 942698 is sockets.
One known problem here is audio access — one of the possible backends is PulseAudio, which uses sockets to send audio data to the server (typically Unix-domain for a local audio server, but remote audio over IP is possible), and connects to the X11 server to try to read configuration information from root window properties (also possibly remote, and very problematic for security in any case).
Hopefully it will be possible to address these issues with high-level remoting, but it's not completely implausible to add a "connect to local socket" operation to the file broker if need be.
|
||
Updated•9 years ago
|
Whiteboard: sb+
|
Assignee | |
Updated•8 years ago
|
Summary: Remove socket creation/connect/bind from Desktop Linux content processes → Remove socket creation/connect from Desktop Linux content processes
|
|
||
Updated•7 years ago
|
Priority: -- → P3
|
|
||
Updated•7 years ago
|
|
|
Assignee | |
Comment 3•7 years ago
|
||
The fix for bug 1384292 doesn't stop the socket()ing, but I'm planning to quietly deny socket() anyway.
No longer depends on: 1384292
|
|
||
Updated•7 years ago
|
Whiteboard: sblc5
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → jld
Priority: P3 → P2
|
|
||
Updated•7 years ago
|
Whiteboard: sb+
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
||
Comment 6•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8944632 [details]
Bug 1126437 - Add Linux content sandbox level 4 for blocking socket APIs.
https://reviewboard.mozilla.org/r/214780/#review220420
Static analysis found 1 defect in this patch.
- 1 defect found by clang-tidy
You can run this analysis locally with:
- `./mach static-analysis check path/to/file.cpp` (C/C++)
If you see a problem in this automated review, please report it here: http://bit.ly/2y9N9Vx
::: security/sandbox/linux/SandboxFilter.cpp:383
(Diff revision 1)
>
> + bool BelowLevel(int aLevel) const {
> + return mParams.mLevel < aLevel;
> + }
> + ResultExpr AllowBelowLevel(int aLevel, ResultExpr aOrElse) const {
> + return BelowLevel(aLevel) ? Allow() : aOrElse;
Warning: Parameter 'aorelse' is passed by value and only copied once; consider moving it to avoid unnecessary copies [clang-tidy: performance-unnecessary-value-param]
return BelowLevel(aLevel) ? Allow() : aOrElse;
^
std::move( )
|
||
Comment 7•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8944631 [details]
Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs.
https://reviewboard.mozilla.org/r/214778/#review220564
Attachment #8944631 -
Flags: review?(gpascutto) → review+
|
|
||
Comment 8•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8944632 [details]
Bug 1126437 - Add Linux content sandbox level 4 for blocking socket APIs.
https://reviewboard.mozilla.org/r/214780/#review220582
::: browser/app/profile/firefox.js:1099
(Diff revision 1)
> // its Windows/Mac counterpart, but on Linux it's an integer which means:
> // 0 -> "no sandbox"
> // 1 -> "content sandbox using seccomp-bpf when available"
> // 2 -> "seccomp-bpf + write file broker"
> // 3 -> "seccomp-bpf + read/write file brokering"
> +// 4 -> 3 + network/socket restrictions
"3" -> "all the above" plus
Attachment #8944632 -
Flags: review?(gpascutto) → review+
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Updated•7 years ago
|
Attachment #8944631 -
Attachment is obsolete: true
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 13•7 years ago
|
||
Comment on attachment 8945007 [details]
Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs.
MozReview is confused. This patch is unchanged; carrying over r+.
Attachment #8945007 -
Flags: review?(gpascutto) → review+
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
|
||
Comment 16•7 years ago
|
||
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/bb5e75c2d0c8
Reorganize content sandbox params extracted from libxul APIs. r=gcp
https://hg.mozilla.org/integration/mozilla-inbound/rev/35083f8586e7
Add Linux content sandbox level 4 for blocking socket APIs. r=gcp
|
||
Comment 17•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/bb5e75c2d0c8
https://hg.mozilla.org/mozilla-central/rev/35083f8586e7
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
|
|
Assignee | |
Comment 18•7 years ago
|
||
Comment on attachment 8945007 [details]
Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs.
See comment #13.
Attachment #8945007 -
Flags: review?(gpascutto) → review+
You need to log in
before you can comment on or make changes to this bug.
Description
•