Bug: Content process opens time zone data while sandboxed

Status: NEW (Unassigned)
Product: Core
Component: Security: Process Sandboxing
Priority: P3, Severity: normal
Reported: 3 years ago; last updated: 10 months ago
Reporter: jld
Version: Trunk
Hardware: All
OS: Linux
Firefox Tracking Flags: firefox43 affected
Whiteboard: sb+

Description (Reporter, 3 years ago)
Calling localtime() and similar functions causes libc to open the files containing the time zone data.  Chromium intercepts the library call and remotes it (https://crbug.com/16800) to avoid this, because they hadn't invented seccomp-bpf yet.

To get bug 930258 landed we can remote the file open instead, but on B2G we'll have to have entries for /system/usr/share/zoneinfo/tzdata and /system//usr/share/zoneinfo/tzdata (with extra slash) because the code that does the open changed in Lollipop[*] and the file broker currently doesn't try to normalize or interpret paths from the (untrusted!) client before checking the policy.

[*] https://android.googlesource.com/platform/bionic.git/+/cf178bf7d0300edfeec3%5E!/

As for desktop, I can *hope* content will only ever need to open "/etc/localtime", but I may be disappointed.

Longer-term we might prefer higher-level remoting like what Chromium does.
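The policy-matching problem described above, as an added example (not Firefox's or Chromium's broker code): the broker normalizes the untrusted client path before comparing it against an exact-match allowlist, so one entry covers both the single-slash and the double-slash spelling of the tzdata path. The allowlist shape and the rule of refusing ".." outright are assumptions for this example.

```cpp
// Added example, not Firefox or Chromium code: a minimal file-broker policy
// check that normalizes the client-supplied path before matching it against
// an allowlist, so that "/system//usr/share/zoneinfo/tzdata" (extra slash)
// and "/system/usr/share/zoneinfo/tzdata" both match one policy entry.
#include <set>
#include <string>
#include <vector>

// Lexically normalize an absolute path into `out`: collapse repeated slashes,
// drop "." components and any trailing slash. Returns false for a relative
// path or any ".." component: ".." is refused rather than resolved, since a
// lexical resolution is wrong with symlinks and the client is untrusted.
bool NormalizePath(const std::string& path, std::string& out) {
  if (path.empty() || path[0] != '/') return false;
  std::vector<std::string> parts;
  std::string cur;
  for (size_t i = 0; i <= path.size(); ++i) {
    if (i == path.size() || path[i] == '/') {
      if (cur == "..") return false;
      if (!cur.empty() && cur != ".") parts.push_back(cur);
      cur.clear();
    } else {
      cur += path[i];
    }
  }
  out.clear();
  for (const std::string& p : parts) out += "/" + p;
  if (out.empty()) out = "/";
  return true;
}

// Exact-match allowlist of read-only paths (assumed policy shape). Entries are
// normalized on insertion so the policy and the lookup use the same form.
class BrokerPolicy {
 public:
  explicit BrokerPolicy(const std::vector<std::string>& readable) {
    for (const std::string& p : readable) {
      std::string norm;
      if (NormalizePath(p, norm)) readable_.insert(norm);
    }
  }
  // True only if the normalized client path is an allowlisted entry.
  bool MayOpenReadOnly(const std::string& client_path) const {
    std::string norm;
    return NormalizePath(client_path, norm) && readable_.count(norm) > 0;
  }
 private:
  std::set<std::string> readable_;
};
```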

Updated (2 years ago): Whiteboard: sb+