Closed Bug 1284588 Opened 8 years ago Closed 8 years ago

OS X: Disable content process write access to user files in the home directory

Component: Core :: Security: Process Sandboxing
Type: defect
Version: 50 Branch
Priority: Not set
Severity: normal
Status: RESOLVED FIXED
Target Milestone: mozilla52
Tracking Status: firefox50 --- affected; firefox52 --- fixed
Reporter: haik
Assignee: haik
Whiteboard: sbmc1
Attachments: 2 files

This bug is for the changes required to disable write access to user files in the home directory from the content process on macOS.

With this bug, the intent is not to remove all write access to the home directory, but everything outside of some specific directories within ~/Library. Within ~/Library, the content process uses write access to NS_APP_CONTENT_PROCESS_TEMP_DIR and some addons write to files within the Firefox profile directory. Access to those directories (which are within ~/Library) will be removed in follow-up work.
Depends on: 1228022
Whiteboard: sbmc1
This disables content process write access to most of the home directory. I'm using it for testing. Until 1228022 is fixed, this will break printing to file.
Assignee: nobody → haftandilian
Blocks: 1303192
Comment on attachment 8793534 [details]
Bug 1284588 - OS X: Disable content process write access to user files in the home directory;

https://reviewboard.mozilla.org/r/80214/#review79124
Attachment #8793534 - Flags: review?(gpascutto) → review+
Looks like autoland couldn't rebase this patch for landing.
Flags: needinfo?(haftandilian)
Keywords: checkin-needed
Sorry about that. It applied cleanly in my repo. I'll update reviewboard and reflag this checkin-needed.
Flags: needinfo?(haftandilian)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/1e8a7c6dcea1
OS X: Disable content process write access to user files in the home directory; r=gcp
Keywords: checkin-needed
Backed out for leaks in browser-chrome tests on OS X 10.10 debug:

https://hg.mozilla.org/integration/autoland/rev/b1ed83464642

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=1e8a7c6dcea1d73db0da4c61b2dfe4b4cbaec79f
More tests run and failed for https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=735ae776c393e7c2f7c9d64a12a61b5f7689a583
Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=3992627&repo=autoland

02:41:44  WARNING -  TEST-UNEXPECTED-FAIL | leakcheck | tab process: missing output line for total leaks!
02:41:44     INFO -  TEST-INFO | leakcheck | missing output line from log file /var/folders/f6/kjqp0l7n7cb307nv1hq0lrf400000w/T/tmpgFyenB.mozrunner/runtests_leaks_tab_pid1975.log
Flags: needinfo?(haftandilian)
Flags: needinfo?(haftandilian)
See Also: → 1281306
Didn't mean to clear the needinfo. I'm trying to determine if this change is causing the "leakcheck | missing output line from log file ..." failure or if these are just instances of bug 1281306. This fix shouldn't affect JS object allocation/dealloc and shouldn't affect the content processes' ability to write to /var.
Flags: needinfo?(haftandilian)
The leakcheck "missing output line for total leaks" failures were caused by my fix for this bug.

I couldn't reproduce the failures locally by running individual tests, but I could reproduce them reliably with "./mach test toolkit/content/tests/browser/" in debug.

The issue is that my changes blocked all write access to the filesystem from the content process (apart from the content temp dir and a few /var subdirectories); this breaks the leakcheck because it writes to a file in /var from the content process. This is in the OS X $TMPDIR, and here's an example of the path, which is per-OS-X-user.

  /var/folders/46/188abcdeadfadfadfadfrgsnx2m0000gn/T/tmp1Txao8.mozrunner/runtests_leaks_tab_pid<PID>.log

I'll update the fix to not limit write-blocking to the home directory and file a bug on our tests writing to the filesystem from the content process. Writing to $TMPDIR is a reasonable place to write to, but our long term goal is to eventually prevent all filesystem I/O by the content process.
Flags: needinfo?(haftandilian)
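The policy discussed in comment 0 and in the comment above (deny writes under the user's home directory, keep the content temp dir and the profile dir within ~/Library writable for now, and still allow the per-user $TMPDIR under /var/folders that the leakcheck harness writes to) expressed as a stand-alone Apple sandbox profile (SBPL, Scheme-like syntax). This is an added illustration, not the patch attached to this bug and not Firefox's actual content-process profile. The parameter names HOME_PATH, PROFILE_DIR, CONTENT_TEMP_DIR and TMPDIR, the file name home-write-deny.sb, and the use of (allow default) are assumptions made for the example; a real content sandbox denies by default.

```scheme
; home-write-deny.sb -- example profile, not the Firefox content sandbox profile.
(version 1)

; Log every denied operation to the system log while testing; remove in production.
(debug deny)

; All directories are supplied at load time with `sandbox-exec -D NAME=value`.
; Parameter names are assumptions for this example, not Firefox's own names.
(define home-path        (param "HOME_PATH"))
(define profile-dir      (param "PROFILE_DIR"))        ; assumed to live under ~/Library
(define content-temp-dir (param "CONTENT_TEMP_DIR"))   ; assumed to live under ~/Library
(define tmp-dir          (param "TMPDIR"))             ; /var/folders/<xx>/<hash>/T, no trailing slash

; Allow everything else so that an interactive shell still runs under this
; profile for testing. A real content sandbox starts from (deny default).
(allow default)

; Broad rule first: no writes anywhere under the user's home directory.
; (subpath ...) matches the directory itself and everything below it.
(deny file-write* (subpath home-path))

; In SBPL the last matching rule wins, so the carve-outs must come after
; the deny. These two are within ~/Library and are what this bug leaves
; writable; follow-up work removes them.
(allow file-write* (subpath content-temp-dir))
(allow file-write* (subpath profile-dir))

; $TMPDIR is outside the home directory (under /var/folders, per user), so it
; is not covered by the deny above; the explicit allow documents that the
; test harness (runtests_leaks_*.log) relies on it being writable.
(allow file-write* (subpath tmp-dir))
```

To try it on macOS, pass the four directories and run a shell under the profile, for example `sandbox-exec -D HOME_PATH="$HOME" -D PROFILE_DIR=/path/to/profile -D CONTENT_TEMP_DIR=/path/to/content-temp -D TMPDIR="${TMPDIR%/}" -f home-write-deny.sb /bin/sh`, then `touch ~/Desktop/x` (denied, logged because of (debug deny)) and `touch "$TMPDIR/x"` (allowed). Strip the trailing slash from $TMPDIR before passing it, since (subpath ...) compares path prefixes literally. `sandbox-exec` is deprecated by Apple but still shipped, which is enough for checking a profile by hand.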
See Also: → 1303987
Attachment #8793534 - Flags: review+ → review?(gpascutto)
Comment on attachment 8793534 [details]
Bug 1284588 - OS X: Disable content process write access to user files in the home directory;

https://reviewboard.mozilla.org/r/80214/#review80314

As discussed on IRC, we can follow up with another bug/patch to disable write except in the OS TMPDIR.
Attachment #8793534 - Flags: review?(gpascutto) → review+
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/cde8b9afb577
OS X: Disable content process write access to user files in the home directory; r=gcp
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/cde8b9afb577
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
See Also: → 1306508