Closed Bug 1438389 Opened 6 years ago Closed 6 years ago

Nvidia GL is calling chown() in content processes

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

Product:
Core
Component:
Security: Process Sandboxing
Version:
60 Branch
Platform:
Unspecified
Linux
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla60
Tracking Flags:
Tracking Status
firefox60 --- fixed

People

(Reporter: jld, Assigned: jld)

Details

Crash Data

Attachments

(1 file)

Bug 1438389 - Quietly disallow chown() in sandboxed content processes.
59 bytes, text/x-review-board-request
gcp
: review+
Details 
The Nvidia GL driver seems to get a little confused when the /dev/nvidia* permissions aren't quite what it expects due to user namespaces — e.g., trying to shell out to nvidia-modprobe — and we've had problems in the past with it trying to mknod() the devices when they (apparently?) don't exist.

And now it's trying to chown() something; this isn't happening for me, but I'm seeing it crash-stats.  It's simple enough to fail with EPERM.
Crash Signature: [@ libc-2.25.so@0x10338a ] → [@ libc-2.23.so@0xdc187 ]
Priority: -- → P1
Comment on attachment 8951463 [details]
Bug 1438389 - Quietly disallow chown() in sandboxed content processes.

https://reviewboard.mozilla.org/r/220768/#review227858
Attachment #8951463 - Flags: review?(gpascutto) → review+
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d853ce9b3dd3
Quietly disallow chown() in sandboxed content processes. r=gcp
https://hg.mozilla.org/mozilla-central/rev/d853ce9b3dd3
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Crash Signature: [@ libc-2.23.so@0xdc187 ] → [@ libc-2.23.so@0xdc187 ] [@ libc-2.25.so@0xea637 ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: