readlinkat is unconditionally allowed in content processes

RESOLVED FIXED in Firefox 57

Status

()

defect
P2
normal
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: jld, Assigned: jld)

Tracking

Trunk
mozilla56
Unspecified
Linux
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox57 fixed)

Details

(Whiteboard: sb+)

Attachments

(1 attachment)

readlink is intercepted and passed to the file broker, but readlinkat is still allowed with any arguments; basically, this means that "read access restrictions" don't apply to readlink.

If it's used only with AT_FDCWD, then it should be a simple change to handle it the same way as the other *at syscalls.

Updated

2 years ago
Flags: needinfo?(jld)
Whiteboard: sb+
Target Milestone: --- → mozilla56

Updated

2 years ago
Priority: -- → P2
Assignee: nobody → jld
Flags: needinfo?(jld)

Comment 2

2 years ago
mozreview-review
Comment on attachment 8901387 [details]
Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink().

https://reviewboard.mozilla.org/r/172842/#review179626
Attachment #8901387 - Flags: review?(gpascutto) → review+

Comment 3

2 years ago
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/59db725def82
Restrict sandboxed readlinkat() the same as readlink(). r=gcp
https://hg.mozilla.org/mozilla-central/rev/59db725def82
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.