Open Bug 1378968 Opened 3 years ago Updated 2 years ago

SandboxViolation: plugin-container(PID) deny(1) file-read-metadata /Applications /Users /usr

Categories: Core :: Security: Process Sandboxing, enhancement, P3, minor
Version: 56 Branch
Platform: Unspecified, macOS
Type: enhancement
People: Reporter: haik, Unassigned
Whiteboard: sb+

After enabling file-read restrictions in our content sandbox in bug 1332190, launching Firefox and browsing triggers some sandbox violations to be logged in the Console app. Three new ones are:

  SandboxViolation: plugin-container(<PID>) deny(1) file-read-metadata /Applications
  SandboxViolation: plugin-container(<PID>) deny(1) file-read-metadata /Users
  SandboxViolation: plugin-container(<PID>) deny(1) file-read-metadata /usr

We should investigate these and, when possible, remove the offending code from the content process to avoid these messages.

In newer versions of OS X (10.12+), there is a large amount of data being logged in Console and I don't think these are likely to trigger lots of bugs being filed, but they could be seen as alarming to anyone examining Console output.

I seem to recall these being related to |dlopen|; I'm not sure what the right solution would be if my memory is correct.

To reiterate, some SandboxViolations attributed to plugin-container in Console are triggered by code we don't have control over, such as OS X libraries. So we won't be able to eliminate all these messages and seeing them does not necessarily mean we have a bug in Firefox that needs a fix.

Where the message does turn out to be triggered by Firefox code, we want to fix that because it means we're wasting cycles trying to read directories that are not available to the content process.

See Also: → 1306663
Whiteboard: sbmc3
See Also: → 1338651

Here's one (potentially avoidable) stack that is triggering a sandbox violation by calling getattrlist(2) on the home directory.

--

plugin-container(31772) deny file-read-metadata /Users/haik

Process:         plugin-container [31772]
Path:            /Applications/FirefoxNightly.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container
Load Address:    0x108c74000
Identifier:      org.mozilla.plugincontainer
Version:         1.0 (???)
Code Type:       x86_64 (Native)
Parent Process:  firefox [24247]
User ID:         501

Date/Time:       2017-07-24 09:26:30.498 -0700
OS Version:      Mac OS X 10.11.6 (15G1611)
Report Version:  8

Thread 0:
0   libsystem_kernel.dylib        	0x00007fff8bde56d2 __getattrlist + 10
1   CarbonCore                    	0x00007fff92049439 PathGetObjectInfo(char const*, unsigned int, unsigned int, short*, unsigned int*, unsigned int*, char*, unsigned int*, unsigned char*, unsigned int*) + 199
2   CarbonCore                    	0x00007fff920492bd FSPathMakeRefInternal(unsigned char const*, unsigned int, unsigned int, FSRef*, unsigned char*) + 111
3   CoreFoundation                	0x00007fff8f416e51 _CFGetFSRefFromURL + 225
4   CoreFoundation                	0x00007fff8f416d55 CFURLGetFSRef + 37
5   CarbonCore                    	0x00007fff9205910b GetUserDomainRootRef + 219
6   CarbonCore                    	0x00007fff92058f79 GetDomainRootRef + 297
7   CarbonCore                    	0x00007fff92058def ResolveSpecialFolder + 48
8   CarbonCore                    	0x00007fff920587ff FindFolderGuts + 963
9   CarbonCore                    	0x00007fff920583dd FSFindFolder + 152
10  XUL                           	0x000000010901fe66 GetOSXFolderType(short, unsigned int, nsIFile**) + 166
11  XUL                           	0x000000010902483b nsDirectoryService::GetFile(char const*, bool*, nsIFile**) + 1355
12  XUL                           	0x0000000109023a79 FindProviderFile(nsIDirectoryServiceProvider*, FileData*) + 297
13  XUL                           	0x0000000109023880 nsDirectoryService::Get(char const*, nsID const&, void**) + 432
14  XUL                           	0x000000010ad8fb46 mozilla::GetPathToSpecialDir(char const*, nsString&) + 118
15  XUL                           	0x000000010ad8ffa6 mozilla::InitOSFileConstants() + 854
16  XUL                           	0x000000010ade0b80 mozilla::dom::workers::RuntimeService::Init() + 1712
17  XUL                           	0x000000010ade04a3 mozilla::dom::workers::RuntimeService::GetOrCreateService() + 403
18  XUL                           	0x000000010ae3788b mozilla::dom::workers::WorkerPrivate::Constructor(JSContext*, nsAString const&, bool, mozilla::dom::WorkerType, nsAString const&, nsACString const&, mozilla::dom::workers::WorkerLoadInfo*, mozilla::ErrorResult&) + 699
19  XUL                           	0x000000010ae374a9 mozilla::dom::workers::WorkerPrivate::Constructor(mozilla::dom::GlobalObject const&, nsAString const&, mozilla::dom::WorkerOptions const&, mozilla::ErrorResult&) + 73
20  XUL                           	0x000000010a427897 mozilla::dom::WorkerBinding::_constructor(JSContext*, unsigned int, JS::Value*) + 695
21  XUL                           	0x000000010c640959 InternalConstruct(JSContext*, js::AnyConstructArgs const&) + 473
22  XUL                           	0x000000010c64076e js::ConstructFromStack(JSContext*, JS::CallArgs const&) + 174
23  XUL                           	0x000000010c63ab3f Interpret(JSContext*, js::RunState&) + 35807
24  XUL                           	0x000000010c631ebc js::RunScript(JSContext*, js::RunState&) + 476
25  XUL                           	0x000000010c640245 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 1125
26  XUL                           	0x000000010c640699 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) + 41
27  XUL                           	0x000000010c9a1a89 js::fun_apply(JSContext*, unsigned int, JS::Value*) + 921
28  XUL                           	0x000000010c64013c js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 860
29  XUL                           	0x000000010c6d294c js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) + 988
30                                	0x00000a3d23a07107
31                                	0x000000012e51aaa0
32                                	0x00000a3d23d14571
33                                	0x000000012e509920
34                                	0x00000a3d23d14571
35                                	0x000000012e5082e0
36                                	0x00000a3d23d14571
37                                	0x000000012cf06550
38                                	0x00000a3d23d14571
39                                	0x000000012e50d7c0
40                                	0x00000a3d23d14571
41                                	0x000000012d0a3530
42                                	0x00000a3d23d14571
43                                	0x000000012d1c64b8
44                                	0x00000a3d239fb8aa
45  XUL                           	0x000000010c6decf7 EnterBaseline(JSContext*, js::jit::EnterJitData&) + 327
46  XUL                           	0x000000010c6deb42 js::jit::EnterBaselineMethod(JSContext*, js::RunState&) + 226
47  XUL                           	0x000000010c63a5d2 Interpret(JSContext*, js::RunState&) + 34418
48  XUL                           	0x000000010c631ebc js::RunScript(JSContext*, js::RunState&) + 476
49  XUL                           	0x000000010c640245 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 1125
50  XUL                           	0x000000010c640699 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) + 41
51  XUL                           	0x000000010c9a1a89 js::fun_apply(JSContext*, unsigned int, JS::Value*) + 921
52  XUL                           	0x000000010c64013c js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 860
53  XUL                           	0x000000010c63ab2a Interpret(JSContext*, js::RunState&) + 35786
54  XUL                           	0x000000010c631ebc js::RunScript(JSContext*, js::RunState&) + 476
55  XUL                           	0x000000010c640245 js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) + 1125
56  XUL                           	0x000000010c640699 js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) + 41
57  XUL                           	0x000000010c965684 JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) + 516
58  XUL                           	0x000000010a50ec02 mozilla::dom::Function::Call(JSContext*, JS::Handle<JS::Value>, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&) + 1138
59  XUL                           	0x0000000109df66c6 nsGlobalWindow::RunTimeoutHandler(mozilla::dom::Timeout*, nsIScriptContext*) + 662
60  XUL                           	0x0000000109e889cc mozilla::dom::TimeoutManager::RunTimeout(mozilla::TimeStamp const&, mozilla::TimeStamp const&) + 1996
61  XUL                           	0x0000000109e83d51 mozilla::dom::TimeoutExecutor::MaybeExecute() + 161
62  XUL                           	0x0000000109e83fc3 non-virtual thunk to mozilla::dom::TimeoutExecutor::Notify(nsITimer*) + 19
63  XUL                           	0x0000000109060397 nsTimerImpl::Fire(int) + 967
64  XUL                           	0x000000010904c16d nsTimerEvent::Run() + 221
65  XUL                           	0x0000000109052c19 mozilla::ThrottledEventQueue::Inner::ExecuteRunnable() + 249
66  XUL                           	0x0000000109052a5d mozilla::ThrottledEventQueue::Inner::Executor::Run() + 13
67  XUL                           	0x0000000109048ed4 mozilla::SchedulerGroup::Runnable::Run() + 356
68  XUL                           	0x000000010905a1f1 nsThread::ProcessNextEvent(bool, bool*) + 1681
69  XUL                           	0x0000000109057866 NS_ProcessPendingEvents(nsIThread*, unsigned int) + 70
70  XUL                           	0x000000010b01e4e1 nsBaseAppShell::NativeEventCallback() + 113
71  XUL                           	0x000000010b078936 nsAppShell::ProcessGeckoEvents(void*) + 246
72  CoreFoundation                	0x00007fff8f41b7e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
73  CoreFoundation                	0x00007fff8f3faf0c __CFRunLoopDoSources0 + 556
74  CoreFoundation                	0x00007fff8f3fa42f __CFRunLoopRun + 927
75  CoreFoundation                	0x00007fff8f3f9e28 CFRunLoopRunSpecific + 296
76  HIToolbox                     	0x00007fff82f81935 RunCurrentEventLoopInMode + 235
77  HIToolbox                     	0x00007fff82f8176f ReceiveNextEventCommon + 432
78  HIToolbox                     	0x00007fff82f815af _BlockUntilNextEventMatchingListInModeWithFilter + 71
79  AppKit                        	0x00007fff8c336df6 _DPSNextEvent + 1067
80  AppKit                        	0x00007fff8c336226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
81  XUL                           	0x000000010b078006 -[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 86
82  AppKit                        	0x00007fff8c32ad80 -[NSApplication run] + 682
83  XUL                           	0x000000010b078e50 nsAppShell::Run() + 208
84  XUL                           	0x000000010c44e8a1 XRE_RunAppShell() + 257
85  XUL                           	0x00000001094b6f79 MessageLoop::Run() + 73
86  XUL                           	0x000000010c44e5e7 XRE_InitChildProcess(int, char**, XREChildData const*) + 1783
87  plugin-container              	0x0000000108c74ee9 main + 89
88  plugin-container              	0x0000000108c74e84 start + 52

These won't be visible by default with the fix for bug 1383841.

Priority: -- → P3
Whiteboard: sbmc3 → sb+
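
The comments above separate violations raised inside OS libraries from those reached through Firefox code; one way to triage a report like the one quoted is to split its stack at the innermost application frame. This is an added example, not part of the original bug or Mozilla's code; the `APP_IMAGES` set, the function names and the abridged sample are assumptions made for illustration.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "index image symbol")
# "<proc>(<pid>) deny[(n)] <operation> <path>", with or without the Console prefix.
DENY_RE = re.compile(
    r"^(?:SandboxViolation: )?(\S+?)\((?:\d+|<PID>)\) deny(?:\(\d+\))? (\S+) (.+)$")
# "<n> <image> <address> <symbol> + <offset>"; JIT frames have an address only.
FRAME_RE = re.compile(r"^(\d+)\s+(.*?)\s*(0x[0-9a-fA-F]+)\s*(.*)$")
APP_IMAGES = {"XUL", "plugin-container"}  # assumption: images built from Firefox code

# Abridged excerpt of the report quoted in this bug (most frames omitted).
SAMPLE = """\
plugin-container(31772) deny file-read-metadata /Users/haik
Thread 0:
0   libsystem_kernel.dylib  0x00007fff8bde56d2 __getattrlist + 10
4   CoreFoundation          0x00007fff8f416d55 CFURLGetFSRef + 37
9   CarbonCore              0x00007fff920583dd FSFindFolder + 152
10  XUL                     0x000000010901fe66 GetOSXFolderType(short, unsigned int, nsIFile**) + 166
15  XUL                     0x000000010ad8ffa6 mozilla::InitOSFileConstants() + 854
30                          0x00000a3d23a07107
87  plugin-container        0x0000000108c74ee9 main + 89
"""

def parse_report(text):
    """Return (denial dict or None, list of Frame) from a violation report."""
    denial, frames = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = DENY_RE.match(line)
        if m and denial is None:
            denial = dict(zip(("process", "operation", "path"), m.groups()))
        elif (m := FRAME_RE.match(line)):
            symbol = re.sub(r"\s\+\s\d+$", "", m.group(4)).split("(")[0]
            frames.append(Frame(int(m.group(1)), m.group(2), symbol))
    return denial, frames

def attribute(frames, depth=2):
    """Split at the innermost application frame: (OS frames above it, app callers)."""
    for i, frame in enumerate(frames):
        if frame.image in APP_IMAGES:
            callers = [f for f in frames[i:] if f.image in APP_IMAGES][:depth]
            return frames[:i], callers
    return frames, []  # no application frame: nothing to attribute to Firefox code

if __name__ == "__main__":
    denial, frames = parse_report(SAMPLE)
    os_chain, callers = attribute(frames)
    print(denial["operation"], denial["path"])
    print("OS entry point:", os_chain[-1].symbol, "called from", callers[0].symbol)
```

Every content-process stack ends in XUL frames, so the result names the Firefox call that entered the OS library; whether that call is avoidable still has to be judged by reading the caller chain.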