Closed Bug 1383888 Opened 3 years ago Closed 3 years ago

readlinkat is unconditionally allowed in content processes

Categories

(Core :: Security: Process Sandboxing, defect, P2)

Unspecified
Linux
defect

Tracking

()

RESOLVED FIXED
mozilla56
Tracking Status
firefox57 --- fixed

People

(Reporter: jld, Assigned: jld)

References

Details

(Whiteboard: sb+)

Attachments

(1 file)

readlink is intercepted and passed to the file broker, but readlinkat is still allowed with any arguments; basically, this means that "read access restrictions" don't apply to readlink.

If it's used only with AT_FDCWD, then it should be a simple change to handle it the same way as the other *at syscalls.
Flags: needinfo?(jld)
Whiteboard: sb+
Target Milestone: --- → mozilla56
Priority: -- → P2
Assignee: nobody → jld
Flags: needinfo?(jld)
Comment on attachment 8901387 [details]
Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink().

https://reviewboard.mozilla.org/r/172842/#review179626
Attachment #8901387 - Flags: review?(gpascutto) → review+
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/59db725def82
Restrict sandboxed readlinkat() the same as readlink(). r=gcp
https://hg.mozilla.org/mozilla-central/rev/59db725def82
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.