Re-disallow accept4 after bug 1361338 lands

RESOLVED FIXED in Firefox 56

Status

()

enhancement
RESOLVED FIXED
2 years ago
Last year

People

(Reporter: jld, Assigned: jld)

Tracking

Trunk
mozilla56
Unspecified
Linux
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox56 fixed)

Details

(Whiteboard: sb+)

Attachments

(1 attachment)

Once bug 1361338 lands and only the parent process is registered for accessibility, we should be able to back out bug 1361238 and take away accept4 again.

All things considered it's not the worst system call to have to allow, because the process has to acquire a listening socket from a trusted source in order to use it, but the principle of least privilege applies.
Whiteboard: sb+
Comment on attachment 8881552 [details]
Bug 1362537 - Re-disallow accept4 in Linux content processes.

https://reviewboard.mozilla.org/r/152726/#review157846
Attachment #8881552 - Flags: review?(gpascutto) → review+
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2fe9bcd421ff
Re-disallow accept4 in Linux content processes. r=gcp
For reference, I tested this locally: start orca, start Firefox with GNOME_ACCESSIBILITY=1, load some pages, then `orca -l`.
https://hg.mozilla.org/mozilla-central/rev/2fe9bcd421ff
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
You need to log in before you can comment on or make changes to this bug.