Closed Bug 1438389 Opened 2 years ago Closed 2 years ago

Nvidia GL is calling chown() in content processes

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

60 Branch
Unspecified
Linux
enhancement

Tracking

()

RESOLVED FIXED
mozilla60
Tracking Status
firefox60 --- fixed

People

(Reporter: jld, Assigned: jld)

Details

Crash Data

Attachments

(1 file)

The Nvidia GL driver seems to get a little confused when the /dev/nvidia* permissions aren't quite what it expects due to user namespaces — e.g., trying to shell out to nvidia-modprobe — and we've had problems in the past with it trying to mknod() the devices when they (apparently?) don't exist.

And now it's trying to chown() something; this isn't happening for me, but I'm seeing it crash-stats.  It's simple enough to fail with EPERM.
Crash Signature: [@ libc-2.25.so@0x10338a ] → [@ libc-2.23.so@0xdc187 ]
Priority: -- → P1
Comment on attachment 8951463 [details]
Bug 1438389 - Quietly disallow chown() in sandboxed content processes.

https://reviewboard.mozilla.org/r/220768/#review227858
Attachment #8951463 - Flags: review?(gpascutto) → review+
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d853ce9b3dd3
Quietly disallow chown() in sandboxed content processes. r=gcp
https://hg.mozilla.org/mozilla-central/rev/d853ce9b3dd3
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Crash Signature: [@ libc-2.23.so@0xdc187 ] → [@ libc-2.23.so@0xdc187 ] [@ libc-2.25.so@0xea637 ]
You need to log in before you can comment on or make changes to this bug.