Closed Bug 1496991 Opened 7 years ago Closed 7 years ago

Native extension API leaks network connections to host binary

Categories

(WebExtensions :: General, defect)

Product:
WebExtensions
Component:
General
Version:
62 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1452461

People

(Reporter: chemobejk, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 Steps to reproduce: I tested the new browser integration in KDE Plasma 5.13 and noticed that the native host program seems to create outgoing network connections, although it shouldn't. After filing a bug upstream https://bugs.kde.org/show_bug.cgi?id=399449 a KDE developer on #plasma@freenode looked into the issue: (19:27:30) fvogt: Hm, it looks like it's a firefox bug (19:27:45) fvogt: The connections are listed as opened by pbi as firefox leaked some socket fds into the process (19:28:21) fvogt: Oh, yeah (19:28:31) fvogt: Firefox doesn't use O_CLOEXEC in many places (19:28:59) _stefanb: could you fix it in the host part? (19:29:11) fvogt: We could work around it, yes (19:29:33) fvogt: Please file a bug report upstream at firefox though The leakage would also explain why the connections are listed as CLOSE_WAIT, because nobody is closing the leaked fds. Platform: Fedora 29, Linux, x86_64 $ rpm -q firefox plasma-browser-integration firefox-62.0-3.fc29.x86_64 plasma-browser-integration-5.13.5-1.fc29.x86_64 Actual results: Snapshot from my test system: $ netstat -tnp | fgrep -e plasma- -e firefox tcp 0 0 192.168.3.6:39846 xxxx:443 ESTABLISHED 1753/firefox tcp 0 0 192.168.3.6:33556 xxxx:443 ESTABLISHED 1753/firefox ... many more open connections from firefox .... tcp 2194537 0 192.168.3.6:49664 xxxx:443 ESTABLISHED 1753/firefox tcp 1 0 192.168.3.6:35696 104.16.111.25:443 CLOSE_WAIT 2686/plasma-browser tcp 32 0 192.168.3.6:57386 151.101.193.69:443 CLOSE_WAIT 2686/plasma-browser ... tcp 8692 0 192.168.3.6:50810 104.20.117.11:443 CLOSE_WAIT 2686/plasma-browser $ ps -efw | fgrep 2686 stefanb 2686 1753 0 09:38 ? 00:00:00 /usr/bin/plasma-browser-integration-host /usr/lib64/mozilla/native-messaging-hosts/org.kde.plasma.browser_integration.json plasma-browser-integration@kde.org Expected results: Firefox should not leak open file descriptors to the native extension program.
I tried the workaround from https://phabricator.kde.org/D15984 and now I don't see any outgoing network connections from pbi anymore. The analysis of the KDE developer therefore is correct: firefox leaks open fds when exec()'ing the native host binary.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.