Open Bug 1303987 Opened 8 years ago Updated 2 years ago

Some mochitests do file (write) access in the content process

Categories

(Core :: Security: Process Sandboxing, defect, P3)

Product:
Core
Component:
Security: Process Sandboxing
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox52 --- wontfix

People

(Reporter: gcp, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: sb+) 

This obviously breaks in a sandboxed environment.

Example:

15:17:38     INFO -  Sandbox: SandboxBroker: denied op=0 rflags=101101 perms=3 path=/tmp/bug293834-serialized.html for pid=4609 error="No such file or directory"
15:17:38     INFO -  [Child 4609] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80520015: file /builds/slave/try-lx-d-000000000000000000000/build/src/embedding/components/webbrowserpersist/nsWebBrowserPersist.cpp, line 2304
15:17:38     INFO -  TEST-INFO | started process screentopng
15:17:41     INFO -  TEST-INFO | screentopng: exit 0
15:17:41     INFO -  1332 INFO SimpleTest START
15:17:41     INFO -  1333 INFO TEST-PASS | embedding/test/test_bug293834.html | Modified textarea a-textbox form state not preserved!
15:17:41     INFO -  1334 INFO TEST-PASS | embedding/test/test_bug293834.html | Modified textarea a-prefilled-textbox form state not preserved!
15:17:41     INFO -  1335 INFO TEST-PASS | embedding/test/test_bug293834.html | Modified textbox a-text form state not preserved!
15:17:41     INFO -  1336 INFO TEST-PASS | embedding/test/test_bug293834.html | Modified textbox a-prefilled-text form state not preserved!
15:17:41     INFO -  1337 INFO TEST-PASS | embedding/test/test_bug293834.html | Modified checkbox checked state not preserved!
15:17:41     INFO -  1338 INFO TEST-PASS | embedding/test/test_bug293834.html | Modified radio checked state not preserved!
15:17:41     INFO -  1339 INFO TEST-PASS | embedding/test/test_bug293834.html | Modified select selected index not preserved
15:17:41     INFO -  1340 INFO TEST-UNEXPECTED-FAIL | embedding/test/test_bug293834.html | uncaught exception - NS_ERROR_FILE_NOT_FOUND: Component returned failure code: 0x80520012 (NS_ERROR_FILE_NOT_FOUND) [nsIFileInputStream.init] at doApply@chrome://specialpowers/content/specialpowersAPI.js:146:10
15:17:41     INFO -  apply@chrome://specialpowers/content/specialpowersAPI.js:211:30
15:17:41     INFO -  getFileContents@http://mochi.test:8888/tests/embedding/test/test_bug293834.html:73:5
15:17:41     INFO -  persistDocument@http://mochi.test:8888/tests/embedding/test/test_bug293834.html:115:12
15:17:41     INFO -  @http://mochi.test:8888/tests/embedding/test/test_bug293834.html:124:28
15:17:41     INFO -  SimpleTest._newCallStack/rval@http://mochi.test:8888/tests/SimpleTest/SimpleTest.js:146:17
15:17:41     INFO -  EventHandlerNonNull*this.addLoadEvent@http://mochi.test:8888/tests/SimpleTest/SimpleTest.js:171:13
15:17:41     INFO -  @http://mochi.test:8888/tests/SimpleTest/SimpleTest.js:1371:5
15:17:41     INFO -      simpletestOnerror@SimpleTest/SimpleTest.js:1582:11
15:17:41     INFO -      OnErrorEventHandlerNonNull*@SimpleTest/SimpleTest.js:1562:1
15:17:41     INFO -  JavaScript error: chrome://specialpowers/content/specialpowersAPI.js, line 146: NS_ERROR_FILE_NOT_FOUND: Component returned failure code: 0x80520012 (NS_ERROR_FILE_NOT_FOUND) [nsIFileInputStream.init]
15:17:41     INFO -  MEMORY STAT vsizeMaxContiguous not supported in this build configuration.
Blocks: 1289718
Whiteboard: sblc2
browser/base/content/test/general/browser_printpreview.js

I'm also seeing a bunch of 
[task 2016-09-19T17:06:59.917221Z] 17:06:59     INFO -  Sandbox: SandboxBroker: denied op=0 rflags=2204000 perms=0 path=/usr/share/zoneinfo/ for pid=1296 error="Invalid argument"

in the test logs, i.e. an open() of a directory, which we do not allow.
Crash reporter/leaktest:

[task 2016-09-19T17:08:32.233327Z] 17:08:32     INFO -  Et tu, Brute?
[task 2016-09-19T17:08:32.240279Z] 17:08:32     INFO -  XPCOM_MEM_BLOAT_LOG: /tmp/tmpSsQbWM.mozrunner/runtests_leaks.log
[task 2016-09-19T17:08:32.240591Z] 17:08:32     INFO -  Writing to log: /tmp/tmpSsQbWM.mozrunner/runtests_leaks_tab_pid1296.log
[task 2016-09-19T17:08:32.241847Z] 17:08:32     INFO -  Sandbox: SandboxBroker: denied op=0 rflags=2101 perms=3 path=/tmp/tmpSsQbWM.mozrunner/runtests_leaks_tab_pid1296.log for pid=1296 error="No such file or directory"
[task 2016-09-19T17:08:32.243580Z] 17:08:32     INFO -  Sandbox: SandboxBroker: denied op=0 rflags=1101 perms=3 path=/tmp/GeckoChildCrash1296.extra for pid=1296 error="No such file or directory"
browser/base/content/test/general/browser_printpreview.js

[task 2016-09-19T17:28:40.320378Z] 17:28:40     INFO -  Sandbox: SandboxBroker: denied op=0 rflags=302 perms=3 path=/tmp/1XK8NY.tmp for pid=1812 error="No such file or directory"
[task 2016-09-19T17:28:40.322732Z] 17:28:40     INFO -  [Child 1812] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80004005: file /home/worker/workspace/build/src/layout/printing/nsPrintEngine.cpp, line 671

traced this down to:
http://searchfox.org/mozilla-central/rev/dbbbafc979a8362a1c8e3e99dbea188fc832b1c5/widget/gtk/nsDeviceContextSpecG.cpp#130
See Also: → 1284588
Whiteboard: sblc2 → sb+
Mass wontfix for bugs affecting firefox 52.
status-firefox52: affectedwontfix
Blocks: sb-test
Priority: -- → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.