Closed
Bug 1275920
Opened 8 years ago
Closed 8 years ago
Seccomp sandbox violation: sys_rt_tgsigqueueinfo called in content process of Firefox desktop
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
mozilla50
Tracking | Status | |
---|---|---|
firefox50 | --- | fixed |
People
(Reporter: tedd, Assigned: tedd)
References
Details
(Whiteboard: sblc1)
Attachments
(2 files, 1 obsolete file)
62.70 KB,
text/x-log
|
Details | |
1.13 KB,
patch
|
jld
:
review+
|
Details | Diff | Splinter Review |
Running tests on try with seccomp enabled, hit a seccomp violation when executing the system call: sys_rt_tgsigqueueinfo. tgsigqueueinfo, allows to send signals and data to another process which is probably pretty dangerous to allow. I haven't investigated it further, but all e10s tests seem to fail without this system call in the seccomp whitelist.
Assignee | ||
Comment 1•8 years ago
|
||
I know it is kind of dangerous to allow this syscall, but our main focus now is getting seccomp enabled, so I would say we whitelist it for now. Try push for build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=a533af28e323
Attachment #8757409 -
Flags: review?(jld)
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → julian.r.hector
Comment 2•8 years ago
|
||
Comment on attachment 8757409 [details] [diff] [review] Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld You should be able to restrict this to same-process use, the same way as for tgkill.
Attachment #8757409 -
Flags: review?(jld)
Assignee | ||
Comment 3•8 years ago
|
||
Thanks Jed for the feedback, I applied the same restriction as with tgkill. Try push for build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=a8aedb12406f
Attachment #8757409 -
Attachment is obsolete: true
Attachment #8761142 -
Flags: review?(jld)
Updated•8 years ago
|
Attachment #8761142 -
Flags: review?(jld) → review+
Assignee | ||
Updated•8 years ago
|
Keywords: checkin-needed
Pushed by cbook@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/de2100437304 Add sys_rt_tgsigqueueinfo to seccomp whitelist r=jld
Keywords: checkin-needed
Comment 5•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/de2100437304
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox50:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
You need to log in
before you can comment on or make changes to this bug.
Description
•