Closed
Bug 1259283
Opened 8 years ago
Closed 8 years ago
Seccomp sandbox violation: sys_fchown called in content process of Firefox desktop
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
mozilla48
Tracking | Status | |
---|---|---|
firefox48 | --- | fixed |
People
(Reporter: tedd, Assigned: tedd)
Details
(Whiteboard: sblc1)
Attachments
(2 files)
4.52 KB,
text/plain
|
Details | |
833 bytes,
patch
|
jld
:
review+
|
Details | Diff | Splinter Review |
When enabling content sandboxing on Linux desktop (using ac_add_options --enable-content-sandbox), the content process crashes early on due to a seccomp violation when calling sys_fchown. The code seems to be related to pulseaudio, so this might no longer be an issue once Bug 1104619 is fixed.
Updated•8 years ago
|
Whiteboard: sb? → sblc1
Comment 1•8 years ago
|
||
Might be relevant: https://lists.freedesktop.org/archives/pulseaudio-discuss/2015-October/024535.html
Assignee | ||
Comment 2•8 years ago
|
||
:jld, any objections to add sys_fchown() to the whitelist for now, so that we can get seccomp enabled on nightly? I think we can experiment to remove it once Bug 1104619 has landed, or later on when we try to tighten the sandbox.
Flags: needinfo?(jld)
Comment 3•8 years ago
|
||
(In reply to Julian Hector [:tedd] [:jhector] from comment #2) > :jld, any objections to add sys_fchown() to the whitelist for now, so that > we can get seccomp enabled on nightly? I think we can experiment to remove > it once Bug 1104619 has landed, or later on when we try to tighten the > sandbox. No objections. fchown can't do much as an unprivileged user (running Firefox as root isn't supported, and see also bug 1199481), and in any case this isn't a meaningful sandbox yet.
Flags: needinfo?(jld)
Assignee | ||
Comment 4•8 years ago
|
||
Ok, thanks I will get a patch ready.
Assignee: nobody → julian.r.hector
Assignee | ||
Comment 5•8 years ago
|
||
Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=09edc84cff30
Attachment #8740917 -
Flags: review?(jld)
Updated•8 years ago
|
Attachment #8740917 -
Flags: review?(jld) → review+
Assignee | ||
Updated•8 years ago
|
Keywords: checkin-needed
Comment 7•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/b26d5448b54c
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox48:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
You need to log in
before you can comment on or make changes to this bug.
Description
•