Closed Bug 1296309 Opened 5 years ago Closed 5 years ago

Remove unused syscalls from the seccomp whitelist

Categories

(Core :: Security: Process Sandboxing, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla51
Tracking Status
firefox51 --- fixed

People

(Reporter: gcp, Unassigned)

Details

(Whiteboard: sblc4)

Attachments

(1 file)

During triage of the syscall list, we found a few syscalls that are currently whitelisted (presumably B2G heritage) but where it's not clear why the content process would need those. Some preliminary testing shows Firefox is functional when they're blocked. We should try removing them and seeing if this causes breakage in the field (at which point we'll know what uses them).
The syscalls in question are: utimes umask wait4
Whiteboard: sblc4
Comment on attachment 8782472 [details]
Bug 1296309 - Remove unused syscalls from the seccomp whitelist.

https://reviewboard.mozilla.org/r/72638/#review70450

Ok let's see if this breaks anything. lgtm
Attachment #8782472 - Flags: review?(julian.r.hector) → review+
Pushed by gpascutto@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7239d050d65f
Remove unused syscalls from the seccomp whitelist. r=tedd
https://hg.mozilla.org/mozilla-central/rev/7239d050d65f
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
I think we need to back this patch out; there have been crash reports coming in due to missing these system calls in the whitelist.

PulseAudio is the main issue regarding sys_umask; apparently umask is called before mkdir, as seen here [1].

Regarding the other system calls, the crash reports' stack trace doesn't look too promising.

[1] https://github.com/pulseaudio/pulseaudio/blob/master/src/pulsecore/core-util.c#L275
https://hg.mozilla.org/integration/mozilla-inbound/rev/1a6361b000fcb97f941e4091001e88be0e46927f
Bug 1296309 - Return umask (PulseAudio) and wait4 (threads) to the whitelist. r=tedd
r+ over IRC. 

utimes() only occurred in a GMP, not content process, crash, so it can stay.