1288376 - Tests should not run a webserver in the content process

Status: NEW

(Core :: Security: Process Sandboxing, defect, P3)

Description

[Gian-Carlo Pascutto [:gcp]]

We are currently whitelisting accept/bind/listen in seccompf-bpf (bug 1275781, bug 1275785, bug 1275786), because some or our tests are running http.js in the content process.

We should fix the test so those can be removed from the whitelist.

Comment 1

[Jim Mathies [:jimm]]

blocked on mtransport remoteing work.

Comment 2

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Comment #1 is referring to the larger task of blocking listening sockets in content processes.

The specific problem of tests running an HTTP server in the content process may have been fixed — I did a Try run with the filter adjusted to return an error from {accept, bind, listen}, and the only tests that broke appear to be WebRTC-related: https://treeherder.mozilla.org/#/jobs?repo=try&revision=61fd9bb7b103476cfbb497208d429838a6ba7c66 (or intermittents unrelated to this change).

One way to find out for sure: fix the WebRTC socket stuff and then try blocking the syscalls.  Alternately, if we knew what test was breaking when this bug was filed, it might be possible to verify that it's fixed now (and maybe even find the commit that did it).

Comment 3

[Jim Mathies [:jimm]]

Hey Jed, where are we at on this? accept/bind/listen seem like they should be high priority targets.

Comment 4

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

(In reply to Jim Mathies [:jimm] from comment #3)
> Hey Jed, where are we at on this? accept/bind/listen seem like they should
> be high priority targets.

Bug 1358647 landed in 55.  I assume these tests will break if/when anything happens with bug 1358652.

Comment 5

[Sylvestre Ledru [:Sylvestre]]

Moving to p3 because no activity for at least 1 year(s).
See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information