Closed
Bug 1354731
Opened 7 years ago
Closed 7 years ago
OpenGL drivers try to mknod() their device nodes
Categories
(Core :: Security: Process Sandboxing, enhancement)
Tracking
RESOLVED
FIXED
mozilla55
Tracking | Status | |
---|---|---|
firefox55 | --- | fixed |
People
(Reporter: jld, Assigned: jld)
Details
(Whiteboard: sb+)
Attachments
(1 file)
I'm seeing this on amd64 with nvidia drivers (0xc3fe == 195, 254) and x86 with ATI fglrx drivers (0xf901 == 249, 1). We should probably just soft-fail these — I assume the drivers are doing this as a last-ditch attempt after finding the device nodes don't exist, on the off chance the process happens to have CAP_MKNOD (and they don't test for that or euid 0 because it's easier/cleaner just to try the mknod and let it fail). I'm not sure if we should try to limit that rule to the specific major numbers seen here, or just apply it to all attempts to mknod a device. (Linux best practice is to dynamically allocate device major numbers, but if they're being mknod()ed like this then I think that implies they're statically allocated?)
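Added example, not part of the original report and not Firefox's sandbox code: it decodes the two `dev` values quoted above the way the Linux mknod syscall encodes them, and sketches the two rule scopes the report weighs (any character device versus only the majors seen). `soft_fail_errno` and `SEEN_MAJORS` are hypothetical names, and returning EPERM is an assumption based on what the kernel itself returns without CAP_MKNOD.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h> /* S_IFMT, S_IFCHR, mode_t */

/* The mknod syscall receives dev in the kernel's encoding:
 * bits 8..19 are the major, the minor is split around it. */
static unsigned dev_major(uint32_t dev) { return (dev >> 8) & 0xfff; }
static unsigned dev_minor(uint32_t dev) {
    return (dev & 0xff) | ((dev >> 12) & 0xfff00);
}

/* Majors seen in the report: 195 (nvidia), 249 (fglrx). */
static const unsigned SEEN_MAJORS[] = { 195, 249 };

/* Hypothetical policy helper (not Firefox code).
 * Returns the errno to hand back quietly, or 0 when the call is not
 * covered by the soft-fail rule and the sandbox's default handling for
 * disallowed syscalls applies (assumption).
 * majors == NULL means "any character device". */
static int soft_fail_errno(mode_t mode, uint32_t dev,
                           const unsigned *majors, size_t n) {
    if ((mode & S_IFMT) != S_IFCHR)
        return 0;            /* FIFOs, block devices, etc.: not this rule */
    if (majors == NULL)
        return EPERM;        /* errno the kernel gives without CAP_MKNOD */
    for (size_t i = 0; i < n; i++)
        if (majors[i] == dev_major(dev))
            return EPERM;
    return 0;                /* character device with an unlisted major */
}

int main(void) {
    const uint32_t observed[] = { 0xc3fe, 0xf901 }; /* values from the report */
    for (size_t i = 0; i < 2; i++)
        printf("dev=0x%x major=%u minor=%u any-chardev=%d listed-only=%d\n",
               (unsigned)observed[i], dev_major(observed[i]),
               dev_minor(observed[i]),
               soft_fail_errno(S_IFCHR | 0666, observed[i], NULL, 0),
               soft_fail_errno(S_IFCHR | 0666, observed[i], SEEN_MAJORS, 2));
    return 0;
}
```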
Comment 2 • 7 years ago (mozreview-review)
Comment on attachment 8857267: Bug 1354731 - Quietly fail mknod of character devices in content sandbox.
https://reviewboard.mozilla.org/r/129202/#review131926
Attachment #8857267 - Flags: review?(gpascutto) → review+
Assignee
Updated • 7 years ago
Assignee: nobody → jld
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9135513229b9
Quietly fail mknod of character devices in content sandbox. r=gcp
Updated•7 years ago
Whiteboard: sb? → sb+
Comment 4 • 7 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/9135513229b9
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55