Open
Bug 1288376
Opened 7 years ago
Updated 1 year ago
Tests should not run a webserver in the content process
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Core
Security: Process Sandboxing
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox50 | --- | affected |
People
(Reporter: gcp, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: sblc4)
We are currently whitelisting accept/bind/listen in seccompf-bpf (bug 1275781, bug 1275785, bug 1275786), because some or our tests are running http.js in the content process. We should fix the test so those can be removed from the whitelist.
Reporter | ||
Updated•7 years ago
|
Whiteboard: sblc4
![]() |
||
Updated•7 years ago
|
Flags: needinfo?(jld)
Comment 2•7 years ago
|
||
Comment #1 is referring to the larger task of blocking listening sockets in content processes. The specific problem of tests running an HTTP server in the content process may have been fixed — I did a Try run with the filter adjusted to return an error from {accept, bind, listen}, and the only tests that broke appear to be WebRTC-related: https://treeherder.mozilla.org/#/jobs?repo=try&revision=61fd9bb7b103476cfbb497208d429838a6ba7c66 (or intermittents unrelated to this change). One way to find out for sure: fix the WebRTC socket stuff and then try blocking the syscalls. Alternately, if we knew what test was breaking when this bug was filed, it might be possible to verify that it's fixed now (and maybe even find the commit that did it).
![]() |
||
Comment 3•6 years ago
|
||
Hey Jed, where are we at on this? accept/bind/listen seem like they should be high priority targets.
Flags: needinfo?(jld)
Priority: P3 → P2
Comment 4•6 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #3) > Hey Jed, where are we at on this? accept/bind/listen seem like they should > be high priority targets. Bug 1358647 landed in 55. I assume these tests will break if/when anything happens with bug 1358652.
Flags: needinfo?(jld)
Comment 5•5 years ago
|
||
Moving to p3 because no activity for at least 1 year(s). See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
Updated•1 year ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•