Closed Bug 1408438 Opened 7 years ago Closed 3 years ago

Remove O_ASYNC from Linux sandbox file broker allowed flags

Categories

(Core :: Security: Process Sandboxing, enhancement, P3)

Unspecified
Linux
enhancement

Tracking

RESOLVED FIXED
96 Branch
Tracking Status
firefox58 --- wontfix
firefox96 --- fixed

People

(Reporter: jld, Assigned: jld)

Details

(Whiteboard: sb+)

Attachments

(1 file)

We intend for the sandbox to prevent the use of the file flag O_ASYNC, which sends signals when I/O is possible, but it's an allowed flag for opening files via the broker.  This oversight should be corrected; we've already blocked FIOASYNC in bug 1405891 and plan to block O_ASYNC in bug 1328896.

The open(2) man page's BUGS section notes that O_ASYNC doesn't work unless it's set via fcntl(2), and a look at the kernel source seems to confirm this, but it's considered a bug and therefore may eventually be fixed. 

Also, this probably isn't weaponizable once bug 1328896 blocks F_SETOWN — the documentation isn't optimally clear, but the default is no owner and setting O_ASYNC doesn't appear to change that.

So this is a minor issue, but it's also a one-line fix.
Priority: -- → P3
Whiteboard: sb+
Assignee: nobody → jld
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2c7ad3e171d6
Remove O_ASYNC from Linux sandbox file broker allowed flags. r=gcp
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 96 Branch
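
The kind of flag allowlist check discussed in this bug, as an added example that is not Mozilla's broker code: a broker-side open that rejects any flag outside an explicit mask, so O_ASYNC is refused simply by being absent from it. The names `kAllowedOpenFlags`, `disallowed_open_flags` and `broker_open`, the particular set of allowed flags, and the `-EACCES` return value are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes O_ASYNC in <fcntl.h> on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical allowlist: every flag the broker will pass through to open(2).
 * O_ASYNC is deliberately absent, so it is rejected like any unknown flag. */
static const int kAllowedOpenFlags =
    O_ACCMODE | O_APPEND | O_CLOEXEC | O_CREAT | O_DIRECTORY | O_EXCL |
    O_NOCTTY | O_NOFOLLOW | O_NONBLOCK | O_TRUNC;

/* Returns the bits in `flags` that are outside the allowlist (0 if none). */
int disallowed_open_flags(int flags) {
    return flags & ~kAllowedOpenFlags;
}

/* Broker-side open: validate flags before touching the filesystem.
 * Returns an fd on success or a negated errno; using EACCES for a
 * policy rejection is an assumption of this example. */
int broker_open(const char *path, int flags, mode_t mode) {
    if (disallowed_open_flags(flags) != 0)
        return -EACCES;
    int fd = open(path, flags, mode);
    return fd >= 0 ? fd : -errno;
}

int main(void) {
    int fd = broker_open("/dev/null", O_RDONLY | O_CLOEXEC, 0);
    printf("O_RDONLY|O_CLOEXEC -> %d\n", fd);
    if (fd >= 0)
        close(fd);
    printf("O_RDONLY|O_ASYNC   -> %d (rejected bits: %#o)\n",
           broker_open("/dev/null", O_RDONLY | O_ASYNC, 0),
           (unsigned)disallowed_open_flags(O_RDONLY | O_ASYNC));
    return 0;
}
```

Because the check is a mask of permitted bits rather than a list of forbidden ones, removing a flag from the policy is a one-token change and flags the policy has never heard of are refused by default.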