Closed
Bug 1286033
Opened 8 years ago
Closed 8 years ago
Seccomp sandbox violation: sys_semctl called in content process of Firefox desktop
Categories
(Core :: Security: Process Sandboxing, defect)
Core
Security: Process Sandboxing
Tracking
()
RESOLVED
FIXED
mozilla50
| Tracking | Status | |
|---|---|---|
| firefox50 | --- | fixed |
People
(Reporter: tedd, Assigned: tedd)
References
Details
Crash Data
Attachments
(1 file, 1 obsolete file)
|
608 bytes,
patch
|
tedd
:
review+
|
Details | Diff | Splinter Review |
Crash reports show that sys_semctl is used in content process: https://crash-stats.mozilla.com/search/?product=Firefox&reason=~SIGSYS&address=0x42&_sort=-date&_facets=cpu_arch&_facets=address&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
|
Assignee | |
Comment 1•8 years ago
|
||
Try push for build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=088bf7a5e5f9 Also, I fixed the issue mentioned in Bug 1285525 Comment 11 with this patch.
Assignee: nobody → julian.r.hector
Attachment #8769844 -
Flags: review?(gpascutto)
|
||
Comment 2•8 years ago
|
||
Underlying caller is ALSA, alsa_locked_pcm_open.
|
|
||
Updated•8 years ago
|
Attachment #8769844 -
Flags: review?(gpascutto) → review+
|
|
Assignee | |
Updated•8 years ago
|
Keywords: checkin-needed
|
||
Comment 3•8 years ago
|
||
failed to apply: patching file security/sandbox/linux/SandboxFilter.cpp Hunk #2 FAILED at 635 1 out of 2 hunks FAILED -- saving rejects to file security/sandbox/linux/SandboxFilter.cpp.rej patch failed, unable to continue (try -v) patch failed, rejects left in working directory errors during apply, please fix and qrefresh semctl.patch
Flags: needinfo?(julian.r.hector)
Keywords: checkin-needed
|
|
Assignee | |
Comment 4•8 years ago
|
||
I will rebase the patch once the other patches landed that are currently on inbound.
Flags: needinfo?(julian.r.hector)
|
|
Assignee | |
Comment 5•8 years ago
|
||
Carry over r+ I rebased the patch against latest inbound, hopefully it will apply cleanly now.
Attachment #8769844 -
Attachment is obsolete: true
Attachment #8770098 -
Flags: review+
|
|
Assignee | |
Updated•8 years ago
|
Keywords: checkin-needed
Pushed by cbook@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/dfd94f28c573 Add sys_semctl to seccomp whitelist and fix sys_semget. r=gcp
Keywords: checkin-needed
|
||
Comment 8•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/dfd94f28c573
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox50:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
|
||
Updated•8 years ago
|
Crash Signature: [@ libc-2.23.so@0xe8f4a ] [@ libc-2.23.so@0xe950a ] [@ libc-2.22.so@0xea6da ] [@ libc-2.19.so@0xfbdea ] [@ libc-2.23.so@0xe8b5a ] [@ libc-2.23.so@0x1083ea ] [@ libc-2.23.so@0xeb47a ]
You need to log in
before you can comment on or make changes to this bug.
Description
•