Bug 1508072: Fix our sandbox rules for mremap
Status: Closed, RESOLVED FIXED
Opened 5 years ago; closed 4 months ago
Categories: Core :: Security: Process Sandboxing, enhancement, P2
Target Milestone: 122 Branch

Tracking:

Branch | Tracking | Status
---|---|---
firefox122 | --- | fixed

People: Reporter: jld, Assigned: jld
Attachments: 1 file
Currently we're allowing mremap unconditionally in content processes and only content processes. But there are two reasons we need to care about it:

1. glibc's realloc() uses it, with MREMAP_MAYMOVE, for large allocations; see bug 1286119. This should be relevant only when #ifndef MOZ_MEMORY, but it could apply to any process type.
2. Our wasm runtime uses it, with no flags (in-place resize only), on 32-bit platforms; this one does apply only to content processes.
3. Also SQLite will use it to resize file mappings, but it has a runtime fallback and I don't think we're using SQLite outside the parent process in any case.

I noticed this while refactoring the file- and memory-related sandbox rules for bug 1500297 / bug 1506291, but the fix will tighten the sandbox and could cause regressions, so I'd prefer to land it as a separate commit.
Updated 5 years ago
Priority: -- → P2

Updated 5 years ago
Summary: FIx our sandbox rules for mremap → Fix our sandbox rules for mremap

Updated 2 years ago
Severity: normal → S3
Comment 1 • 5 months ago
Note that mremap calls from libc realloc implementations are now
handled in SandboxPolicyCommon (for all process types), while
ContentSandboxPolicy now handles only the wasm-specific use case.
Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9a95c6831ed2 Restrict the sandbox rule for mremap as used for wasm array buffers. r=gcp
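To make the before/after rule from the description and comment 1 concrete, here is an added model of the policy decision (example code written for this page, not Firefox's own sandbox code, which is a seccomp-bpf program rather than a plain function). It assumes the content-only wasm case is keyed on an is_32bit argument, and the sample calls at the bottom are constructed, not traced from a real run.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* mremap(2) flag values as defined by Linux; declared here so the model builds anywhere. */
#define FLAG_MAYMOVE   1u
#define FLAG_FIXED     2u
#define FLAG_DONTUNMAP 4u

enum process_type { PROC_PARENT, PROC_CONTENT, PROC_OTHER };
enum verdict { DENY = 0, ALLOW = 1 };

/* Rule before the fix, as the bug describes it: unconditional, but only in content processes. */
enum verdict mremap_policy_old(enum process_type proc, bool is_32bit, uint32_t flags)
{
    (void)is_32bit; (void)flags;               /* flags were never inspected */
    return proc == PROC_CONTENT ? ALLOW : DENY;
}

/* Rule after the fix: the realloc() pattern (exactly MREMAP_MAYMOVE) is allowed for every
 * process type, the wasm in-place resize (no flags) only in 32-bit content processes, and
 * anything else, e.g. MREMAP_FIXED or MREMAP_DONTUNMAP, is denied. is_32bit is an assumption. */
enum verdict mremap_policy_new(enum process_type proc, bool is_32bit, uint32_t flags)
{
    if (flags == FLAG_MAYMOVE)
        return ALLOW;                          /* glibc realloc of a large block */
    if (proc == PROC_CONTENT && is_32bit && flags == 0)
        return ALLOW;                          /* wasm array buffer grown in place */
    return DENY;
}

int main(void)
{
    /* Constructed sample calls, not traces from a real Firefox run. */
    struct { const char *what; enum process_type proc; bool is_32bit; uint32_t flags; } cases[] = {
        {"realloc in parent",            PROC_PARENT,  false, FLAG_MAYMOVE},
        {"realloc in content",           PROC_CONTENT, false, FLAG_MAYMOVE},
        {"wasm resize, 32-bit content",  PROC_CONTENT, true,  0},
        {"wasm resize, 64-bit content",  PROC_CONTENT, false, 0},
        {"MAYMOVE|FIXED in content",     PROC_CONTENT, false, FLAG_MAYMOVE | FLAG_FIXED},
        {"MAYMOVE|DONTUNMAP in content", PROC_CONTENT, false, FLAG_MAYMOVE | FLAG_DONTUNMAP},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-30s old=%s new=%s\n", cases[i].what,
               mremap_policy_old(cases[i].proc, cases[i].is_32bit, cases[i].flags) == ALLOW ? "allow" : "deny",
               mremap_policy_new(cases[i].proc, cases[i].is_32bit, cases[i].flags) == ALLOW ? "allow" : "deny");
    return 0;
}
```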
Comment 3 • 4 months ago (bugherder)
Status: NEW → RESOLVED
Closed: 4 months ago
status-firefox122: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 122 Branch