Closed Bug 1259283 Opened 4 years ago Closed 4 years ago

Seccomp sandbox violation: sys_fchown called in content process of Firefox desktop

Categories

(Core :: Security: Process Sandboxing, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla48
Tracking Status
firefox48 --- fixed

People

(Reporter: tedd, Assigned: tedd)

Details

(Whiteboard: sblc1)

Attachments

(2 files)

When enabling content sandboxing on Linux desktop (using ac_add_options --enable-content-sandbox), the content process crashes early on due to a seccomp violation when calling sys_fchown.

The code seems to be related to pulseaudio, so this might no longer be an issue once Bug 1104619 is fixed.
Whiteboard: sb? → sblc1
:jld, any objections to add sys_fchown() to the whitelist for now, so that we can get seccomp enabled on nightly? I think we can experiment to remove it once Bug 1104619 has landed, or later on when we try to tighten the sandbox.
Flags: needinfo?(jld)
(In reply to Julian Hector [:tedd] [:jhector] from comment #2)
> :jld, any objections to add sys_fchown() to the whitelist for now, so that
> we can get seccomp enabled on nightly? I think we can experiment to remove
> it once Bug 1104619 has landed, or later on when we try to tighten the
> sandbox.

No objections.  fchown can't do much as an unprivileged user (running Firefox as root isn't supported, and see also bug 1199481), and in any case this isn't a meaningful sandbox yet.
Flags: needinfo?(jld)
Ok, thanks I will get a patch ready.
Assignee: nobody → julian.r.hector
Attachment #8740917 - Flags: review?(jld) → review+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/b26d5448b54c
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
You need to log in before you can comment on or make changes to this bug.