Open
Bug 1338747
Opened 7 years ago
Updated 2 years ago
Test the sandbox syscall reporter from bug 1286865
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Tracking
()
NEW
Tracking | Status | |
---|---|---|
firefox54 | --- | affected |
People
(Reporter: jld, Assigned: jld)
References
Details
(Whiteboard: sb+)
Attachments
(1 file)
I have a patch that (1) uses the SandboxCrashOnError flag from bug 1286865 to allow security/sandbox/test/browser_content_sandbox_syscalls.js to do its execve test on Linux nightly without crashing the content process, and (2) also queries the syscall reporter to verify that the expected syscall was reporter. Currently it's very ad-hoc and would need some cleanup to extend what it does to other tests, but it's a start.
Comment hidden (mozreview-request) |
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8836299 [details] Bug 1338747 - Adjust the existing sandbox tests to cover the syscall reporter. https://reviewboard.mozilla.org/r/111762/#review113118 Looks good. I was just wondering if you verified the exec call does succeed when the sandbox is disabled. I think I checked that when adding the test, but it would be good to make sure. ::: security/sandbox/test/browser_content_sandbox_syscalls.js:228 (Diff revision 1) > + // On Linux, check that the syscall reporter picked up the failure. > + if (linux) { > + let snapshot = reporter.snapshot(); > + let newSyscallCount = snapshot.end; > + ok(newSyscallCount == oldSyscallCount + 1, > + "Exactly 1 rejected syscall reported during test"); If we ever encounter more than one rejected syscall, it could be useful to log all the syscall numbers in the snapshot so we know what happened, in case it's not easily reproducible.
Attachment #8836299 -
Flags: review?(haftandilian) → review+
Comment 3•7 years ago
|
||
mozreview-review |
Comment on attachment 8836299 [details] Bug 1338747 - Adjust the existing sandbox tests to cover the syscall reporter. https://reviewboard.mozilla.org/r/111762/#review113304
Attachment #8836299 -
Flags: review?(gpascutto) → review+
Updated•7 years ago
|
Whiteboard: sblc2
Assignee | ||
Updated•7 years ago
|
Whiteboard: sblc2 → sblc3
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: sblc3 → sb+
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•