Seccomp sandbox violation: sys_rt_tgsigqueueinfo called in content process of Firefox desktop

RESOLVED FIXED in Firefox 50

Status

()

defect
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: tedd, Assigned: tedd)

Tracking

unspecified
mozilla50
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox50 fixed)

Details

(Whiteboard: sblc1)

Attachments

(2 attachments, 1 obsolete attachment)

Running tests on try with seccomp enabled, hit a seccomp violation when executing the system call: sys_rt_tgsigqueueinfo.

tgsigqueueinfo, allows to send signals and data to another process which is probably pretty dangerous to allow. I haven't investigated it further, but all e10s tests seem to fail without this system call in the seccomp whitelist.
I know it is kind of dangerous to allow this syscall, but our main focus now is getting seccomp enabled, so I would say we whitelist it for now.

Try push for build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=a533af28e323
Attachment #8757409 - Flags: review?(jld)
Assignee

Updated

3 years ago
Assignee: nobody → julian.r.hector
Comment on attachment 8757409 [details] [diff] [review]
Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld

You should be able to restrict this to same-process use, the same way as for tgkill.
Attachment #8757409 - Flags: review?(jld)
Thanks Jed for the feedback, I applied the same restriction as with tgkill.

Try push for build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=a8aedb12406f
Attachment #8757409 - Attachment is obsolete: true
Attachment #8761142 - Flags: review?(jld)
Attachment #8761142 - Flags: review?(jld) → review+
Assignee

Updated

3 years ago
Keywords: checkin-needed

Comment 4

3 years ago
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/de2100437304
Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
Keywords: checkin-needed

Comment 5

3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/de2100437304
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
You need to log in before you can comment on or make changes to this bug.