Bug 1306508 (Closed) - Whitelist the OS X $TMPDIR and reduce content process write access further
Opened 8 years ago, closed 8 years ago
Categories: Core :: Security: Process Sandboxing, defect
Status: RESOLVED FIXED
Target Milestone: mozilla52

Tracking | Status
---|---
firefox52 | fixed

People: Reporter: haik, Assigned: haik
Whiteboard: sbmc2
Attachments: 1 file

Description
As a follow-up to bug 1284588, where we added rules blocking the content sandbox from writing to the $HOME directory, we could extend this write blocking further by whitelisting the OS X $TMPDIR. We need $TMPDIR for now due to 1303987.

The sandbox rules added in 1284588 allow writes as long as they are not in the $HOME directory. Any other paths that the OS allows the user to write to are permitted (with a few exceptions). Instead of this inverted "not" in the $HOME rule, we could allow writes to $TMPDIR. Other paths not explicitly blocked would then be allowed.

We could also move NS_APP_CONTENT_PROCESS_TEMP_DIR to a directory within $TMPDIR such as $TMPDIR/org.mozilla.firefox/Temp-{<UUID>} instead of ~/Library/Caches/TemporaryItems/Temp-{<UUID>}. The benefits would be 1) it removes the one writable directory in $HOME and 2) $TMPDIR is the more Mac-friendly place to store temporary files.

$TMPDIR is the same as DARWIN_USER_TEMP_DIR documented in confstr(3). Per CONFSTR(3):

> _CS_DARWIN_USER_TEMP_DIR
> Provides the path to a user's temporary items directory. The directory will be created if it does not already exist. This directory is created with access permissions of 0700 and restricted by the umask(2) of the calling process and is a good location for temporary files. By default, files in this location may be cleaned (removed) by the system if they are not accessed in 3 days.
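The following C program is an added illustration, not code from this bug or from Firefox's sandbox implementation. It models the two rule shapes the description contrasts (a rule that denies writes under $HOME and allows everything else, versus an allowlist that permits writes only under $TMPDIR) with a component-boundary-aware subpath check, resolves the user temp directory through confstr(3) with _CS_DARWIN_USER_TEMP_DIR on macOS (falling back to the TMPDIR environment variable or /tmp elsewhere, an assumption made so it also runs on Linux), builds the proposed $TMPDIR/org.mozilla.firefox/Temp-<UUID> path from a caller-supplied UUID string, and creates it with mode 0700. The function names, the allowlist/denylist model and the placeholder UUID are this example's own; the real decision is made by the kernel sandbox, not by application code.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve the per-user temporary directory the bug calls $TMPDIR.
 * On macOS this is confstr(_CS_DARWIN_USER_TEMP_DIR): a 0700 directory under
 * /private/var/folders/.../T/. On other systems (assumption made so the example
 * also runs on Linux) fall back to the TMPDIR environment variable or /tmp.
 * Returns 0 on success, -1 if the result does not fit in `out`. */
int get_user_temp_dir(char *out, size_t outlen) {
    const char *env;
    const char *dir;
#ifdef __APPLE__
    size_t need = confstr(_CS_DARWIN_USER_TEMP_DIR, out, outlen);
    if (need > 0 && need <= outlen) return 0;   /* copied, NUL included */
    /* confstr failed or the buffer was too small: use the generic fallback */
#endif
    env = getenv("TMPDIR");
    dir = (env != NULL && env[0] != '\0') ? env : "/tmp";
    if (strlen(dir) + 1 > outlen) return -1;
    memcpy(out, dir, strlen(dir) + 1);
    return 0;
}

/* Is `path` equal to or inside `base`? A naive strncmp would make
 * "/Users/meow" count as inside "/Users/me"; subpath semantics need a '/'
 * at the boundary. Both inputs are assumed absolute and canonical (no "..",
 * symlinks already resolved); in the real sandbox the kernel does that. */
int path_is_under(const char *base, const char *path) {
    size_t blen = strlen(base);
    while (blen > 1 && base[blen - 1] == '/') blen--;   /* ignore trailing '/' */
    if (strncmp(base, path, blen) != 0) return 0;
    return path[blen] == '\0' || path[blen] == '/' || blen == 1;
}

/* Shape used by bug 1284588 as described above: everything except $HOME is
 * writable. Returns 1 = allow, 0 = deny. */
int write_allowed_deny_home(const char *home, const char *path) {
    return !path_is_under(home, path);
}

/* Proposed allowlist shape: only $TMPDIR is writable. Returns 1 = allow. */
int write_allowed_allow_tmpdir(const char *tmpdir, const char *path) {
    return path_is_under(tmpdir, path);
}

/* Build $TMPDIR/org.mozilla.firefox/Temp-<UUID> (the layout proposed in the
 * bug). The UUID string is supplied by the caller. Returns 0, or -1 if the
 * result does not fit in `out`. */
int build_content_temp_path(const char *tmpdir, const char *uuid, char *out, size_t outlen) {
    size_t tlen = strlen(tmpdir);
    while (tlen > 1 && tmpdir[tlen - 1] == '/') tlen--;   /* avoid a double slash */
    int n = snprintf(out, outlen, "%.*s/org.mozilla.firefox/Temp-%s", (int)tlen, tmpdir, uuid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Create one directory level with mode 0700, the permission confstr(3)
 * documents for the user temp dir itself. A pre-existing entry is accepted
 * only if it is a real directory (lstat, not stat), so a planted symlink
 * cannot redirect later writes. Returns 0 on success, -1 with errno set. */
int mkdir_private(const char *dir) {
    struct stat st;
    if (mkdir(dir, 0700) == 0) return 0;
    if (errno != EEXIST) return -1;
    if (lstat(dir, &st) != 0) return -1;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; }
    return 0;
}

int main(void) {
    char tmpdir[1024], dir[1024], parent[1024];
    /* Constructed sample paths: one inside $HOME, one outside $HOME and $TMPDIR. */
    const char *samples[2] = { "/Users/example/Documents/notes.txt", "/Users/Shared/scratch.bin" };
    /* Placeholder UUID; a real caller would generate one per content process. */
    const char *uuid = "PLACEHOLDER-UUID";

    if (get_user_temp_dir(tmpdir, sizeof tmpdir) != 0) return 1;
    for (int i = 0; i < 2; i++)
        printf("%-36s deny-$HOME rule: %-5s allow-$TMPDIR rule: %s\n", samples[i],
               write_allowed_deny_home("/Users/example", samples[i]) ? "allow" : "deny",
               write_allowed_allow_tmpdir(tmpdir, samples[i]) ? "allow" : "deny");

    if (build_content_temp_path(tmpdir, uuid, dir, sizeof dir) != 0) return 1;
    snprintf(parent, sizeof parent, "%.*s", (int)(strrchr(dir, '/') - dir), dir);
    if (mkdir_private(parent) != 0 || mkdir_private(dir) != 0) { perror("mkdir_private"); return 1; }
    printf("created %s (mode 0700), under $TMPDIR: %s\n", dir,
           path_is_under(tmpdir, dir) ? "yes" : "no");
    rmdir(dir); rmdir(parent);   /* remove the demo directories again */
    return 0;
}
```

The deny-$HOME shape allows the /Users/Shared write and the allowlist shape denies it, which is the reduction in write access the bug title refers to; the boundary check matters because a prefix-only comparison would let a sibling directory whose name merely starts with the same characters slip through either rule.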
Updated•8 years ago
Assignee: nobody → haftandilian
Whiteboard: sbmc2

Comment hidden (mozreview-request)

Comment 2•8 years ago
Debug: https://treeherder.mozilla.org/#/jobs?repo=try&revision=46afd16a88fb
Release: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f67f3829f55d
Comment 3•8 years ago
The posted reviewboard adds a rule allowing write access to files under /private/var/folders/[^/][^/]/ to the content process in DEBUG mode only. This allows leaktest to work and lets us reduce the write access of the content process further, as described in the description.
Comment 4•8 years ago
mozreview-review
Comment on attachment 8800908 [details]
Bug 1306508 - Whitelist /private/var/folders/ in DEBUG and reduce content process write access further
https://reviewboard.mozilla.org/r/85718/#review85156
Attachment #8800908 - Flags: review?(gpascutto) → review+
Updated•8 years ago
Keywords: checkin-needed

Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a879c89b5446
Whitelist /private/var/folders/ in DEBUG and reduce content process write access further; r=gcp
Keywords: checkin-needed
Comment 6•8 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/a879c89b5446
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52