Closed Bug 1361238 Opened 7 years ago Closed 7 years ago

Re-allow accept4 in content processes to make accessibility not crash

Categories

(Core :: Security: Process Sandboxing, defect)

Unspecified
Linux
defect
Not set
normal

RESOLVED FIXED
mozilla55
Tracking Status
firefox55 --- fixed

People

(Reporter: jld, Assigned: jld)

Attachments

(1 file)

The way AT-SPI works, with a DBus transport, is that each accessible application creates its own private bus and becomes a DBus server, accepting connections from accessibility tools.

Currently, content processes set themselves up as accessibility targets; the socket/bind/listen calls appear to happen before the sandbox is started, but they can accept connections at any time.  This is probably what bug 1285816 was responding to.

Bug 1358647 forbade all the server-related socket calls, because I didn't know accessibility used them like that, and this is causing content crashes.
Dear all,

I'm a low-vision person. It's an important bug that produces more than 15 crashes per day. Each time I restart the Orca screen reader, all active Firefox Nightly tabs crash and I need to restart Firefox to solve the issue.
I'll switch to Aurora or to the Release channel until the fix.

Best regards.
(In reply to Jed Davis [:jld] (⏰UTC-6) from comment #0)
> The way AT-SPI works, with a DBus transport, is that each accessible
> application creates its own private bus and becomes a DBus server, accepting
> connections from accessibility tools.
> 
> Currently, content processes set themselves up as accessibility targets; the
> socket/bind/listen calls appear to happen before the sandbox is started, but
> they can accept connections at any time.  This is probably what bug 1285816
> was responding to.

huh, content processes really shouldn't be registering themselves as accessible applications.

So I guess we should disable that and see what's broken that we didn't notice because of it.
(In reply to Trevor Saunders (:tbsaunde) from comment #3)
> (In reply to Jed Davis [:jld] (⏰UTC-6) from comment #0)

> So I guess we should disable that and see what's broken that we didn't
> notice because of it.

I spun off bug 1361338 for this part.
Comment on attachment 8863591 [details]
Bug 1361238 - Re-allow accept4, used by accessibility.

https://reviewboard.mozilla.org/r/135360/#review138770

I guess this can then be removed immediately when the other bug lands?
Attachment #8863591 - Flags: review?(gpascutto) → review+
(In reply to Gian-Carlo Pascutto [:gcp] from comment #5)
> I guess this can then be removed immediately when the other bug lands?

Yes.
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/13407f841b7f
Re-allow accept4, used by accessibility. r=gcp
https://hg.mozilla.org/mozilla-central/rev/13407f841b7f
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
See Also: → 1362537
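
The before and after state of the syscall filter discussed in this bug, as an added C example that is not Firefox's sandbox code: a classic-BPF seccomp filter that refuses bind, listen and accept4, next to the same filter with accept4 allowed again so that a socket set up before sandboxing can still take connections. The names `before`, `after` and `decide`, the EPERM deny action, the default-allow fallthrough and the missing architecture check are assumptions made for the demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>
/* Constructed demo, not Firefox's policy. Assumptions: EPERM as the deny
 * action, default-allow fallthrough, no seccomp_data.arch check. */
#define DENY (SECCOMP_RET_ERRNO | EPERM)
#define LOAD_NR BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr))
#define DENY_IF(nr, skip) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), (skip), 0)
#define LEN(a) (sizeof(a) / sizeof(*(a)))
/* Before: every server-side socket call is refused, accept4 included. */
static const struct sock_filter before[] = {
    LOAD_NR,
    DENY_IF(__NR_bind, 3), DENY_IF(__NR_listen, 2), DENY_IF(__NR_accept4, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, DENY),
};

/* After: accept4 is allowed again, so a socket that was bound and listening
 * before the filter was installed still works; bind and listen stay refused. */
static const struct sock_filter after[] = {
    LOAD_NR,
    DENY_IF(__NR_bind, 2), DENY_IF(__NR_listen, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, DENY),
};

/* Interprets the three opcodes used above to get a filter's verdict for nr. */
uint32_t decide(const struct sock_filter *f, size_t n, long nr) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS: acc = (uint32_t)nr; break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf; break;
        case BPF_RET | BPF_K: return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL; /* no RET reached: malformed filter */
}
int main(void) {
    printf("accept4: before=%#x after=%#x\n", decide(before, LEN(before),
           __NR_accept4), decide(after, LEN(after), __NR_accept4));
    return 0;
}
```

Either array can be handed to the kernel through a `struct sock_fprog` with `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...)` after `PR_SET_NO_NEW_PRIVS`; the interpreter is only there to check the verdicts without installing anything.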