Closed
Bug 1140111
Opened 9 years ago
Closed 9 years ago
readlink() is not white listed by sandbox on Lollipop Gonk
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
People
(Reporter: sotaro, Assigned: jld)
References
Details
Crash Data
Attachments
(1 file)
1.00 KB,
patch
|
kang
:
review+
sotaro
:
feedback+
bajaj
:
approval-mozilla-b2g37+
|
Details | Diff | Splinter Review |
readlink() is white listed by Bug 974227. But it seems not work on Lollipop Gonk. See Bug 1137515 comment 14.
Assignee | ||
Comment 2•9 years ago
|
||
Simple patch is simple; rs?(kang). Sotaro, can you verify that this patch fixes the crash? I have a Lollipop-capable device, but it looks like there are other patches needed to make WebRTC work on Lollipop in order to reproduce this bug.
Assignee: nobody → jld
Attachment #8573646 -
Flags: review?(gdestuynder)
Attachment #8573646 -
Flags: feedback?(sotaro.ikeda.g)
Updated•9 years ago
|
blocking-b2g: 2.2? → 2.2+
Comment on attachment 8573646 [details] [diff] [review] Patch: whitelist readlinkat. Review of attachment 8573646 [details] [diff] [review]: ----------------------------------------------------------------- rather similar risk with both readlink/readlinkat
Attachment #8573646 -
Flags: review?(gdestuynder) → review+
Reporter | ||
Comment 4•9 years ago
|
||
Comment on attachment 8573646 [details] [diff] [review] Patch: whitelist readlinkat. Thanks! I confirmed the fix by applying the patch.
Attachment #8573646 -
Flags: feedback?(sotaro.ikeda.g) → feedback+
Assignee | ||
Comment 5•9 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=5383b3c7928b
Component: Security → Security: Process Sandboxing
Keywords: checkin-needed
Comment 6•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/dca901fa0641
Keywords: checkin-needed
Comment 7•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/dca901fa0641
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox39:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Assignee | ||
Updated•9 years ago
|
Crash Signature: [@ libnss3.so@0x2efbb ]
Assignee | ||
Updated•9 years ago
|
Crash Signature: [@ libnss3.so@0x2efbb ] → [@ libnss3.so@0x2efbb ]
[@ readlinkat ]
Reporter | ||
Updated•9 years ago
|
status-b2g-v2.2:
--- → affected
Updated•9 years ago
|
Assignee | ||
Comment 9•9 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #8) > Jed, could the patch be uplifted to b2g v2.2? Yes. It will merge more cleanly if the patch from bug 1134942 is uplifted first — and I think we'd need that one on v2.2 as well, if we're supporting Lollipop there?
Flags: needinfo?(jld)
Assignee | ||
Comment 10•9 years ago
|
||
(In reply to Jed Davis [:jld] from comment #9) > (In reply to Sotaro Ikeda [:sotaro] from comment #8) > > Jed, could the patch be uplifted to b2g v2.2? > > Yes. …on second thought, I should do a try run to make sure the new syscall names don't break any of the builds; there are some changes to the Chromium headers that I think weren't on the 37 branch.
Reporter | ||
Comment 11•9 years ago
|
||
Yes, lollipos support of b2g-v2.2 is necessary. Bug 1094121 is a meta bug of supporting lollipop. - Bug 1094121 - (gonk-L) [meta] Android L Porting for B2G
Assignee | ||
Comment 12•9 years ago
|
||
Comment on attachment 8573646 [details] [diff] [review] Patch: whitelist readlinkat. NOTE: please apply this patch after the one from bug 1134942 to avoid unnecessary merge conflicts. [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 1094121 User impact if declined: App crashes and test failures on B2G Lollipop; WebRTC and window.crypto.subtle are known to be affected. Testing completed: https://treeherder.mozilla.org/#/jobs?repo=try&revision=9f3a4230cd05 Risk to taking this patch (and alternatives if risky): None; it just causes system calls to succeed that would previously result in a crash. String or UUID changes made by this patch: None.
Attachment #8573646 -
Flags: approval-mozilla-b2g37?
Assignee | ||
Comment 13•9 years ago
|
||
(In reply to Jed Davis [:jld] from comment #12) > Testing completed: > https://treeherder.mozilla.org/#/jobs?repo=try&revision=9f3a4230cd05 Also, built locally for nexus-5-l and verified it fixes bug 1141472.
Updated•9 years ago
|
Attachment #8573646 -
Flags: approval-mozilla-b2g37? → approval-mozilla-b2g37+
You need to log in
before you can comment on or make changes to this bug.
Description
•