Open Bug 1288376 Opened 5 years ago Updated 3 years ago

Tests should not run a webserver in the content process

Categories

(Core :: Security: Process Sandboxing, defect, P3)

defect

Tracking

()

Tracking Status
firefox50 --- affected

People

(Reporter: gcp, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: sblc4)

We are currently whitelisting accept/bind/listen in seccompf-bpf (bug 1275781, bug 1275785, bug 1275786), because some or our tests are running http.js in the content process.

We should fix the test so those can be removed from the whitelist.
Whiteboard: sblc4
Flags: needinfo?(jld)
blocked on mtransport remoteing work.
Flags: needinfo?(jld)
Comment #1 is referring to the larger task of blocking listening sockets in content processes.

The specific problem of tests running an HTTP server in the content process may have been fixed — I did a Try run with the filter adjusted to return an error from {accept, bind, listen}, and the only tests that broke appear to be WebRTC-related: https://treeherder.mozilla.org/#/jobs?repo=try&revision=61fd9bb7b103476cfbb497208d429838a6ba7c66 (or intermittents unrelated to this change).

One way to find out for sure: fix the WebRTC socket stuff and then try blocking the syscalls.  Alternately, if we knew what test was breaking when this bug was filed, it might be possible to verify that it's fixed now (and maybe even find the commit that did it).
Blocks: sb-test
Priority: -- → P3
Hey Jed, where are we at on this? accept/bind/listen seem like they should be high priority targets.
Flags: needinfo?(jld)
Priority: P3 → P2
(In reply to Jim Mathies [:jimm] from comment #3)
> Hey Jed, where are we at on this? accept/bind/listen seem like they should
> be high priority targets.

Bug 1358647 landed in 55.  I assume these tests will break if/when anything happens with bug 1358652.
Flags: needinfo?(jld)
Moving to p3 because no activity for at least 1 year(s).
See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
You need to log in before you can comment on or make changes to this bug.