Closed
Bug 1294286
Opened 8 years ago
Closed 5 years ago
Restrict clock_getres the same way as clock_gettime
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla72
People
(Reporter: jld, Assigned: jld)
References
Details
(Whiteboard: sblc5)
Attachments
(1 file)
Some background that hasn't made it into Bugzilla yet:

On Linux, clockid_t can contain a process ID or thread ID, as part of implementing the clock_getcpuclockid and pthread_getcpuclockid APIs. This header comment mostly explains the encoding (give or take a ones' complement): https://github.com/torvalds/linux/blob/9512c47ec/include/linux/posix-timers.h#L31

But it's a little more complicated than that, because that describes the format iff the sign bit is set: https://github.com/torvalds/linux/blob/9512c47ec/kernel/time/posix-timers.c#L585

For nonnegative ints, these are defined (the “process” and “thread” in question refer to the caller in this case): https://github.com/torvalds/linux/blob/9512c47ec/include/uapi/linux/time.h#L45

This feature is known to Chromium and was blocked in https://crbug.com/374479 by applying a small list of allowed clocks (initially for NaCl, but the policy was later applied to other process types in https://crbug.com/413469 and https://crbug.com/413855).

We've taken a similar approach for clock_gettime (originally for GMP, later made part of the “common” ruleset also used by content), but clock_getres is currently allowed for all clockid_t values. That should be fixed; no need to leak information if we don't have to.
Updated•8 years ago
Whiteboard: sblc3
Updated•7 years ago
Whiteboard: sblc3 → sblc5
Updated•7 years ago
Priority: -- → P3
Comment 1•5 years ago (Assignee)
The clockid_t type on Linux has a space of values which encode a pid and
refer to various measures of another process's CPU usage; clock_getres
would, thereby, allow probing whether other processes exist. This is
a relatively small information leak into the sandboxes, but there's no
reason to allow it.
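
As an added example (not code from this bug or from Firefox), the C sketch below decodes the negative clockid_t layout described in the description and Comment 1, and shows why an allowlist of static clocks rejects every pid-carrying value. The helper names, the sample pid 1234 and the particular allowlist are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Static (nonnegative) clock ids, values as in Linux uapi/linux/time.h. */
enum { K_REALTIME = 0, K_MONOTONIC = 1, K_PROCESS_CPUTIME = 2,
       K_THREAD_CPUTIME = 3, K_REALTIME_COARSE = 5, K_MONOTONIC_COARSE = 6 };

struct decoded_clock {
    bool dynamic;     /* sign bit set: the id carries a pid, tid or fd */
    bool per_thread;  /* bit 2: id names a thread rather than a process */
    int which;        /* bits 0-1: 0 PROF, 1 VIRT, 2 SCHED, 3 fd-based */
    int32_t id;       /* ones' complement of the remaining upper bits */
};

/* Same result as the kernel's MAKE_PROCESS_CPUCLOCK, in unsigned math. */
static int32_t make_process_cpuclock(int32_t pid, int which)
{
    return (int32_t)((~(uint32_t)pid << 3) | (uint32_t)which);
}

static struct decoded_clock decode_clockid(int32_t clk)
{
    struct decoded_clock d = { clk < 0, false, 0, 0 };
    if (!d.dynamic) return d;         /* static clock: nothing encoded */
    d.per_thread = ((uint32_t)clk & 4u) != 0;
    d.which = (int)((uint32_t)clk & 3u);
    d.id = (int32_t)(~(uint32_t)clk >> 3);
    return d;
}

/* Assumed allowlist for illustration; negative ids never match it. */
static bool clock_allowed(int32_t clk)
{
    switch (clk) {
    case K_REALTIME: case K_MONOTONIC: case K_PROCESS_CPUTIME:
    case K_THREAD_CPUTIME: case K_REALTIME_COARSE: case K_MONOTONIC_COARSE:
        return true;
    default: return false;
    }
}

int main(void)
{
    int32_t clk = make_process_cpuclock(1234, 2);   /* constructed sample */
    struct decoded_clock d = decode_clockid(clk);
    printf("clockid %d: pid %d, which %d, allowed %d\n",
           (int)clk, (int)d.id, d.which, clock_allowed(clk));
    return 0;
}
```

Because every pid-carrying id is negative, an equality match against a short list of static ids is enough for the filter; it never needs to decode the value.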
Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a8082b9b4ed1 Filter clock IDs in clock_getres sandbox rule. r=gcp
Comment 3•5 years ago
bugherder
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox72: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
Updated•4 years ago