Open Bug 1288384 Opened 8 years ago Updated 2 years ago

Restrict sys_mremap flag argument in seccomp

Tracking

()

Status:

NEW

People

(Reporter: tedd, Unassigned)

References

Details

(Whiteboard: sblc5)

Julian Hector [:tedd] [:jhector]

Reporter

Description

•

8 years ago

sys_mremap is used in the implementation of libc realloc(). Currently we whitelist the system call if MOZ_MEMORY is not defined (jemalloc is used). 

But we may want to only allow certain flags to improve the overall security of the sandbox, this may impact performance but it is unclear how big of an impact it is and if it is acceptable or not.

See Bug 1286119 Comment 1 for more details.

Julian Hector [:tedd] [:jhector]

Reporter

Updated

•

8 years ago

Whiteboard: sblc1 → sblc2

Jim Mathies [:jimm]

Updated

•

7 years ago

Whiteboard: sblc2 → sblc4

Jim Mathies [:jimm]

Updated

•

7 years ago

Whiteboard: sblc4 → sblc5

Jim Mathies [:jimm]

Updated

•

7 years ago

Priority: -- → P3

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Restrict sys_mremap flag argument in seccomp

Categories

(Core :: Security: Process Sandboxing, defect, P3)

Tracking

()

People

(Reporter: tedd, Unassigned)

References

Details

(Whiteboard: sblc5)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated