Closed Bug 1285293 Opened 7 years ago Closed 7 years ago
Seccomp sandbox violation: sys_fstatfs called in content process of Firefox desktop
Crash report https://crash-stats.mozilla.com/report/index/cb319ce5-785b-4b31-874b-352dc2160707 shows that sys_fstatfs is called in the content process on x86_64.
statfs is fairly innocent in that the most useful thing it returns is the free space on the disk. But why oh why does fontconfig need to know that?
For some reason libfontconfig really Needs To Know. Review commit: https://reviewboard.mozilla.org/r/63252/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/63252/
Attachment #8769279 - Flags: review?(julian.r.hector)
https://reviewboard.mozilla.org/r/63252/#review60196 See comment. ::: security/sandbox/linux/SandboxFilter.cpp:522 (Diff revision 1) > case __NR_quotactl: > case __NR_utimes: > case __NR_unlink: > case __NR_fchown: > case __NR_fchmod: > + case __NR_fstatfs: There is fstatfs and fstatfs64, fstatfs should be defined on all architectures (x86, x86_64, arm, arm64), and fstatfs64 is defined on all but x86_64. I think we should define a CASE_FOR_fstatfs similar to this: https://dxr.mozilla.org/mozilla-central/source/security/sandbox/linux/SandboxFilterUtil.h#94
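Review bot: the added `case __NR_fstatfs:` at the end of this case list has no comment saying why the content process needs it. The bug traces the call to libfontconfig, so a one-line comment beside the case naming fontconfig and bug 1285293 would let a later audit of the whitelist tell whether the entry can be dropped.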
Comment on attachment 8769279 [details] 1285293 - Add fstatfs to seccomp-bpf whitelist. https://reviewboard.mozilla.org/r/63252/#review60200
Attachment #8769279 - Flags: review?(julian.r.hector) → review-
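The per-architecture handling the review asks for, as an added example (not code from the Firefox tree or from the patch): a raw seccomp-bpf allowlist that includes every fstatfs variant the build architecture defines, plus a small evaluator so the verdicts can be checked without installing the filter. `FSTATFS_NRS`, `build_filter` and `eval_filter` are hypothetical names, and a production filter would also validate `seccomp_data.arch` before looking at the syscall number.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* Hypothetical macro: every fstatfs variant this architecture defines.
   __NR_fstatfs64 is absent from the x86_64 syscall table. */
#ifdef __NR_fstatfs64
#define FSTATFS_NRS { __NR_fstatfs, __NR_fstatfs64 }
#else
#define FSTATFS_NRS { __NR_fstatfs }
#endif
static const int kFstatfsNrs[] = FSTATFS_NRS;
#define N_NRS (sizeof(kFstatfsNrs) / sizeof(kFstatfsNrs[0]))

/* Emit: load syscall nr; allow each fstatfs variant; EPERM for the rest.
   Returns the instruction count (2 + 2 * N_NRS). */
size_t build_filter(struct sock_filter *f) {
  size_t n = 0;
  f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                        offsetof(struct seccomp_data, nr));
  for (size_t i = 0; i < N_NRS; i++) {
    f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                          kFstatfsNrs[i], 0, 1);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
  }
  f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                        SECCOMP_RET_ERRNO | EPERM);
  return n;
}

/* Evaluate the filter for one syscall number without installing it.
   Interprets only the three opcodes build_filter emits. */
uint32_t eval_filter(const struct sock_filter *f, size_t len, int nr) {
  struct seccomp_data d = { .nr = nr };
  uint32_t acc = 0;
  for (size_t pc = 0; pc < len; pc++) {
    switch (f[pc].code) {
      case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, (char *)&d + f[pc].k, 4); break;
      case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
      case BPF_RET | BPF_K: return f[pc].k;
    }
  }
  return SECCOMP_RET_KILL; /* fell off the end: fail closed */
}
```

Only the fd-based calls are allowed here; the path-based `statfs` still gets `EPERM`.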
Comment on attachment 8769279 [details] 1285293 - Add fstatfs to seccomp-bpf whitelist. Review request updated; see interdiff: https://reviewboard.mozilla.org/r/63252/diff/1-2/
Comment on attachment 8769279 [details] 1285293 - Add fstatfs to seccomp-bpf whitelist. https://reviewboard.mozilla.org/r/63252/#review60280 lgtm
Attachment #8769279 - Flags: review?(julian.r.hector) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/e82b92329a054213e85b31b31e70ed2797b08a36 Bug 1285293 - Add fstatfs to seccomp-bpf whitelist. r=tedd
Crash Signature: [@ libc-2.23.so@0xda2c7 ] [@ libc-2.23.so@0xf6567 ] [@ libc-2.22.so@0xdb907 ] [@ libc-2.19.so@0xdb987 ] [@ libc-2.23.so@0xf2b27 ] [@ libc-2.23.so@0xdb617 ]