Closed
Bug 1290618
Opened 6 years ago
Closed 6 years ago
Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash
Categories (Core :: Security: Process Sandboxing, defect)
Tracking (RESOLVED FIXED, mozilla51)
People (Reporter: jld, Assigned: jld)
Attachments (1 file)
1.71 KB, patch | tedd: review+ | ritu: approval-mozilla-aurora+ | lizzard: approval-mozilla-beta+
Bug 1090598 added a call to prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY) in the crash signal handlers used when the crash reporter is disabled (e.g., desktop debug builds) so that gdb can attach even if the Yama LSM would otherwise prevent that. Content processes allow all prctl()s for now (although we'd like to restrict that eventually), but GMP processes have a small allowed list and PR_SET_PTRACER isn't on it. The result is that if a GMP process segfaults (or similar) on Linux with the crash reporter disabled, it will take SIGSYS in the crash handler and the SIGSYS handler will complain and immediately terminate the process, which prevents debugging it. Adding PR_SET_PTRACER to the policy is simple (and reasonably safe — prctl affects only the calling thread, and we already allow PR_SET_DUMPABLE, which is similar, for the crash reporter).
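The policy change described in the report, as an added example that is not part of the original bug and is not Mozilla's sandbox code: a toy seccomp-bpf filter with a small prctl() allowlist, evaluated by a minimal user-space interpreter so nothing is installed in the kernel. The filter layout, the names `run_filter` and `prctl_verdict`, and the use of SECCOMP_RET_TRAP (which raises SIGSYS) for denied calls are assumptions; a little-endian host is assumed and the architecture check a real filter needs is omitted.

```c
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

/* Interpret the three classic-BPF opcodes the policy below uses. */
static uint32_t run_filter(const struct sock_filter *f, size_t n, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *i = &f[pc];
        if (i->code == (BPF_LD | BPF_W | BPF_ABS))       /* load word from seccomp_data */
            memcpy(&acc, (const char *)d + i->k, sizeof acc);
        else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K)) /* relative jump; loop adds +1 */
            pc += (acc == i->k) ? i->jt : i->jf;
        else                                             /* unknown opcode fails closed */
            return i->code == (BPF_RET | BPF_K) ? i->k : SECCOMP_RET_KILL;
    }
    return SECCOMP_RET_KILL;                             /* ran off the end */
}

/* Verdict for prctl(option, ...). allow_ptracer=0 models the allowlist before
 * the fix, 1 after it. Hypothetical policy, not the GMP policy itself. */
uint32_t prctl_verdict(unsigned long option, int allow_ptracer)
{
    const struct sock_filter policy[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_prctl, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),  /* other syscalls: not modelled */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PR_SET_DUMPABLE, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PR_SET_PTRACER, allow_ptracer ? 1 : 0, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),   /* denied: SIGSYS to the caller */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct seccomp_data d = { .nr = __NR_prctl, .args = { option } };
    return run_filter(policy, sizeof policy / sizeof policy[0], &d);
}

int main(void)
{
    printf("PR_SET_PTRACER before: %#x, after: %#x\n",
           (unsigned)prctl_verdict(PR_SET_PTRACER, 0), (unsigned)prctl_verdict(PR_SET_PTRACER, 1));
    return 0;
}
```

Only the first prctl() argument is matched, so the allowlist entry covers any PR_SET_PTRACER argument, including PR_SET_PTRACER_ANY.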
Comment 1 (Assignee) • 6 years ago
…except that even with PR_SET_PTRACER allowed, the process gets immediately killed anyway, because the IPC channel observes an error and is destroyed, for reasons that aren't immediately clear. But I already have a patch for this problem, so I might as well.
Assignee: nobody → jld
Updated • 6 years ago
Blocks: widevine-linux
Comment 2 (Assignee) • 6 years ago
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=8c40dd581e79
Attachment #8776732 -
Flags: review?(julian.r.hector)
Comment 3 • 6 years ago
Comment on attachment 8776732
bug1290618-allow-ptracer-hg0.diff

Review of attachment 8776732:

lgtm
Attachment #8776732 -
Flags: review?(julian.r.hector) → review+
Comment 4 (Assignee) • 6 years ago
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=8c40dd581e79
Keywords: checkin-needed
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0143eed90884
Allow PR_SET_PTRACER in Linux sandbox policies to avoid recursive crash. r=tedd
Keywords: checkin-needed
Comment 6 • 6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/0143eed90884
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox51:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Comment 7 • 6 years ago
Comment on attachment 8776732
bug1290618-allow-ptracer-hg0.diff

Approval Request Comment
[Feature/regressing bug #]: Widevine EME on Linux
[User impact if declined]: Without this patch, debugging the sandbox issues fixed in other uplifts I've just requested is very hard.
[Describe test coverage new/current, TreeHerder]: We have plenty of EME mochitests, which run on Linux inside the sandbox.
[Risks and why]: Low; this is tweaking how the sandbox interacts with debuggers
[String/UUID change made/needed]: None
Attachment #8776732 -
Flags: approval-mozilla-beta?
Attachment #8776732 -
Flags: approval-mozilla-aurora?
status-firefox50:
--- → affected
Comment on attachment 8776732
bug1290618-allow-ptracer-hg0.diff

Widevine EME on Linux, Aurora50+
Attachment #8776732 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
status-firefox49:
--- → affected
Comment on attachment 8776732
bug1290618-allow-ptracer-hg0.diff

Uplifting Linux Widevine support to beta; this should avoid a crash.
Attachment #8776732 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 10 • 6 years ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-beta/rev/5ceb958e95c7
Comment 11 • 6 years ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-beta/rev/5ceb958e95c7