Closed Bug 1383888 Opened 4 years ago Closed 4 years ago
readlinkat is unconditionally allowed in content processes
59 bytes, text/x-review-board-request
readlink is intercepted and passed to the file broker, but readlinkat is still allowed with any arguments; basically, this means that "read access restrictions" don't apply to readlink. If it's used only with AT_FDCWD, then it should be a simple change to handle it the same way as the other *at syscalls.
Target Milestone: --- → mozilla56
Assignee: nobody → jld
Comment on attachment 8901387 [details] Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink(). https://reviewboard.mozilla.org/r/172842/#review179626
Attachment #8901387 - Flags: review?(gpascutto) → review+
Pushed by firstname.lastname@example.org: https://hg.mozilla.org/integration/autoland/rev/59db725def82 Restrict sandboxed readlinkat() the same as readlink(). r=gcp
You need to log in before you can comment on or make changes to this bug.