Closed
Bug 1285902
Opened 8 years ago
Closed 8 years ago
Seccomp sandbox violation: sys_msgget called in content process of Firefox desktop
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
mozilla50
Tracking | Status | |
---|---|---|
firefox50 | --- | fixed |
People
(Reporter: tedd, Assigned: tedd)
References
Details
(Whiteboard: sblc1)
Crash Data
Attachments
(1 file)
852 bytes,
patch
|
gcp
:
review+
|
Details | Diff | Splinter Review |
Crash reports show that sys_msgget is called in the content process: https://crash-stats.mozilla.com/search/?product=Firefox&reason=~SIGSYS&address=0x44&_sort=-date&_facets=cpu_arch&_facets=address&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
Assignee | ||
Comment 1•8 years ago
|
||
A note to avoid missing an architecture when fixing this: sys_msgget and other ipc calls [1] are dispatched to EvaluateIpcCall() and need to be whitelisted there. Similar to the patch in Bug 1286033. [1] https://dxr.mozilla.org/mozilla-central/rev/23dc78b7b57e9f91798ea44c242a04e112c37db0/security/sandbox/linux/SandboxFilterUtil.cpp#100
Updated•8 years ago
|
Whiteboard: sblc1
Updated•8 years ago
|
Crash Signature: [@ libc-2.19.so@0xfbe27 ] [@ libc-2.19.so@0xe6437 ]
Assignee | ||
Comment 2•8 years ago
|
||
Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=b0a900af7468
Assignee: nobody → julian.r.hector
Status: NEW → ASSIGNED
Attachment #8771451 -
Flags: review?(gpascutto)
Updated•8 years ago
|
Attachment #8771451 -
Flags: review?(gpascutto) → review+
Pushed by cbook@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/4f3556a9addc Add sys_msgget to seccomp whitelist. r=gcp
Keywords: checkin-needed
Comment 5•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/4f3556a9addc
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox50:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
You need to log in
before you can comment on or make changes to this bug.
Description
•