Open Bug 1408438 Opened 2 years ago Updated 2 years ago

Remove O_ASYNC from Linux sandbox file broker allowed flags
(Core :: Security: Process Sandboxing, enhancement, P3)

Tracking Status
firefox58 --- affected

(Reporter: jld, Unassigned)

(Whiteboard: sb+)

We intend for the sandbox to prevent the use of the file flag O_ASYNC, which sends signals when I/O is possible, but it's an allowed flag for opening files via the broker.  This oversight should be corrected; we've already blocked FIOASYNC in bug 1405891 and plan to block O_ASYNC in bug 1328896.

The open(2) man page's BUGS section notes that O_ASYNC doesn't work unless it's set via fcntl(2), and a look at the kernel source seems to confirm this, but it's considered a bug and therefore may eventually be fixed. 

Also, this probably isn't weaponizable once bug 1328896 blocks F_SETOWN — the documentation isn't optimally clear, but the default is no owner and setting O_ASYNC doesn't appear to change that.

So this is a minor issue, but it's also a one-line fix.
Priority: -- → P3
Whiteboard: sb+
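The following is an added illustration, not code from this bug or from Firefox's sandbox broker. It models the policy the bug asks for: a hypothetical broker open-flag allowlist (BROKER_ALLOWED_OPEN_FLAGS, broker_check_open_flags) with O_ASYNC removed, the companion fcntl(2) policy (broker_check_fcntl) refusing F_SETFL with O_ASYNC and the owner/signal commands that bug 1328896 is described as blocking, and a main() that empirically checks the open(2) BUGS-section claim by opening a FIFO with O_ASYNC versus setting it via fcntl(F_SETFL) and counting SIGIO deliveries. The helper names, the allowlist contents and the /tmp FIFO are assumptions made for the example.

```c
// Added example (not Mozilla's sandbox broker code): a minimal model of a
// file-broker open-flag allowlist with O_ASYNC removed, the matching fcntl(2)
// policy, and a main() that checks the open(2) BUGS-section claim on a FIFO.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fallbacks for strict -std= builds; values are the generic Linux ones. */
#ifndef O_ASYNC
#define O_ASYNC 020000
#endif
#ifndef F_SETSIG
#define F_SETSIG 10
#endif
#ifndef F_SETOWN_EX
#define F_SETOWN_EX 15
#endif

/* Hypothetical broker policy: the only open(2) flags a sandboxed client may
 * request. O_ASYNC is deliberately absent, so a request carrying it is
 * refused instead of being forwarded to the real open(2). */
#define BROKER_ALLOWED_OPEN_FLAGS \
    (O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_TRUNC | O_APPEND | \
     O_NONBLOCK | O_NOCTTY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC)

/* Returns 0 when every requested bit is allowed, -EPERM otherwise. */
int broker_check_open_flags(int flags)
{
    return (flags & ~BROKER_ALLOWED_OPEN_FLAGS) ? -EPERM : 0;
}

/* Companion fcntl(2) policy (what a seccomp filter would enforce inside the
 * sandboxed process): O_ASYNC may not be turned on after the fact, and the
 * commands that give the file an owner or a custom signal are refused. */
int broker_check_fcntl(int cmd, long arg)
{
    switch (cmd) {
    case F_SETFL:
        return (arg & O_ASYNC) ? -EPERM : 0;
    case F_SETOWN:
    case F_SETOWN_EX:
    case F_SETSIG:
        return -EPERM;
    default:
        return 0;
    }
}

/* --- Empirical check of the open(2) BUGS note, used by main() only --- */

static volatile sig_atomic_t sigio_count;
static void on_sigio(int sig) { (void)sig; sigio_count++; }

/* Opens the FIFO's read end with extra_flags, optionally turns O_ASYNC on via
 * fcntl, makes this process the owner, writes one byte into the FIFO and
 * returns how many SIGIOs arrived (SIGIO is raised inside write(2) and
 * delivered on return from it, so it is visible at once). -1 on error. */
static int probe(const char *fifo, int extra_flags, int async_via_fcntl)
{
    int rfd = open(fifo, O_RDONLY | O_NONBLOCK | extra_flags);
    int wfd = open(fifo, O_WRONLY | O_NONBLOCK);
    if (rfd < 0 || wfd < 0)
        return -1;
    sigio_count = 0;
    if (fcntl(rfd, F_SETOWN, getpid()) < 0)
        return -1;
    if (async_via_fcntl && fcntl(rfd, F_SETFL, fcntl(rfd, F_GETFL) | O_ASYNC) < 0)
        return -1;
    char byte = 'x';
    if (write(wfd, &byte, 1) != 1)
        return -1;
    close(wfd);
    close(rfd);
    return sigio_count;
}

int main(void)
{
    char dir[] = "/tmp/oasync-demo-XXXXXX";   /* assumed writable tmp dir */
    char fifo[64];
    struct sigaction sa = { .sa_handler = on_sigio };
    sigaction(SIGIO, &sa, NULL);
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; }
    snprintf(fifo, sizeof fifo, "%s/fifo", dir);
    if (mkfifo(fifo, 0600) < 0) { perror("mkfifo"); return 1; }
    printf("O_ASYNC via open(2) only:    SIGIO delivered %d time(s)\n",
           probe(fifo, O_ASYNC, 0));
    printf("O_ASYNC via fcntl(F_SETFL):  SIGIO delivered %d time(s)\n",
           probe(fifo, 0, 1));
    unlink(fifo);
    rmdir(dir);
    return 0;
}
```

The two policy functions are the part a broker would actually ship; the probe in main() is only there to show why the bug calls this minor: with the flag passed to open(2) the kernel stores it but registers no fasync entry, so no signal is sent even though an owner was set, whereas the fcntl(F_SETFL) path does deliver SIGIO. Both fcntl cases are what the seccomp policy has to refuse for the open-flag fix to be meaningful.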