readlinkat is unconditionally allowed in content processes

RESOLVED FIXED in Firefox 57

Status

P2
normal
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: jld, Assigned: jld)

Tracking

Trunk
mozilla56
Unspecified
Linux

Firefox Tracking Flags

(firefox57 fixed)

Details

(Whiteboard: sb+)

Description

a year ago
readlink is intercepted and passed to the file broker, but readlinkat is still allowed with any arguments; basically, this means that "read access restrictions" don't apply to readlink.

If it's used only with AT_FDCWD, then it should be a simple change to handle it the same way as the other *at syscalls.

Updated

a year ago
Flags: needinfo?(jld)
Whiteboard: sb+
Target Milestone: --- → mozilla56

Updated

a year ago
Priority: -- → P2

Updated

a year ago
Assignee: nobody → jld
Flags: needinfo?(jld)

Comment 2

a year ago
mozreview-review
Comment on attachment 8901387 [details]
Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink().

https://reviewboard.mozilla.org/r/172842/#review179626
Attachment #8901387 - Flags: review?(gpascutto) → review+

Comment 3

a year ago
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/59db725def82
Restrict sandboxed readlinkat() the same as readlink(). r=gcp
https://hg.mozilla.org/mozilla-central/rev/59db725def82
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox57: --- → fixed
Resolution: --- → FIXED