1564434 - MT_safe_localtime generates incorrect value in sandboxed content process

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, defect, P1)

Description

[Gary Chen [:xeonchen]]

Attachment: 0001-Display-localtime-of-Jan.-2-1970.patch

In the attached patch, it shows correct timezone in chrome process (in my case, localtime=01:00), but always shows localtime=00:00 in content process unless setting MOZ_DISABLE_CONTENT_SANDBOX=1 or disable e10s.

This only happens on macOS.

Comment 1

[Haik Aftandilian [:haik]]

Gary, could you include which version of macOS you are hitting this on?

Comment 2

[Gary Chen [:xeonchen]]

(In reply to Haik Aftandilian [:haik] from comment #1)

Gary, could you include which version of macOS you are hitting this on?

Sure, it's macOS Mojave 10.14.5.

Comment 3

[Haik Aftandilian [:haik]]

Attachment: Test patch granting access to timezone paths in content processes

@xeonchen, could you test with this patch and let me know if the problem is still reproducible?

The problem is intermittent for me (tested on 10.14 only so far) and I haven't determined why yet.

Comment 4

[Gary Chen [:xeonchen]]

(In reply to Haik Aftandilian [:haik] from comment #3)

Created attachment 9083873 [details] [diff] [review]
Test patch granting access to timezone paths in content processes

@xeonchen, could you test with this patch and let me know if the problem is still reproducible?

The problem is intermittent for me (tested on 10.14 only so far) and I haven't determined why yet.

The patch works well on my mac, thank you Haik!

Comment 5

[Haik Aftandilian [:haik]]

Attachment: Bug 1564434 - MT_safe_localtime generates incorrect value in sandboxed content process

Allow access to timezone data files from the content/flash/GMP/utility sandbox.

Remove unneeded regex providing access to ^/private/tmp/KSInstallAction. files.

Comment 6

[Haik Aftandilian [:haik]]

Some stack traces showing where these timezone files are read from during content process launch:

/var/db/timezone/zoneinfo/UTC:
              libsystem_kernel.dylib`__open_nocancel+0xa
              libsystem_c.dylib`gmtload+0x23
              libsystem_c.dylib`tzsetwall_basic+0xcd
              libsystem_c.dylib`localtime_r+0x29
              CoreFoundation`__postAndResetMidnight+0x32
              CoreFoundation`____initDayChangedNotification_block_invoke+0x51
              libdispatch.dylib`_dispatch_client_callout+0x8
              libdispatch.dylib`_dispatch_once_callout+0x14
              CoreFoundation`__initDayChangedNotification+0x22
              CoreFoundation`__CFNotificationCenterGetLocalCenter_block_invoke+0x9b
              libdispatch.dylib`_dispatch_client_callout+0x8
              libdispatch.dylib`_dispatch_once_callout+0x14
              CoreFoundation`_CFXNotificationGetTaskCenter+0x29
              Foundation`__standardDefaultCenter_block_invoke+0x22
              libdispatch.dylib`_dispatch_client_callout+0x8
              libdispatch.dylib`_dispatch_once_callout+0x14
              Foundation`standardDefaultCenter+0x84
              Foundation`-[NSThread start]+0xc5

/var/db/timezone/icutz/icutz44l.dat:
              libsystem_kernel.dylib`__open+0xa
              libicucore.A.dylib`0x00007fff70a6833f+0x1b1
              libicucore.A.dylib`0x00007fff70a6801c+0x127
              libicucore.A.dylib`0x00007fff70a674e4+0x772
              libicucore.A.dylib`0x00007fff70a83327+0x52
              libicucore.A.dylib`0x00007fff70a82986+0x1f6
              libicucore.A.dylib`0x00007fff70a819d8+0x1c5
              libicucore.A.dylib`0x00007fff70a809e2+0x4de
              libicucore.A.dylib`ures_getByKey+0xb4
              libicucore.A.dylib`icu::ZoneMeta::getCanonicalCLDRID(icu::UnicodeString const&, UErrorCode&)+0x235
              libicucore.A.dylib`icu::ZoneMeta::getCanonicalCLDRID(icu::UnicodeString const&, icu::UnicodeString&, UErrorCode&)+0x19
              libicucore.A.dylib`icu::TimeZone::getCanonicalID(icu::UnicodeString const&, icu::UnicodeString&, signed char&, UErrorCode&)+0x92
              libicucore.A.dylib`ucal_getCanonicalTimeZoneID+0xc4
              CoreFoundation`__nameStringOK+0xc5
              CoreFoundation`-[__NSPlaceholderTimeZone __initWithName:cache:]+0x4a
              CoreFoundation`+[NSTimeZone timeZoneWithName:]+0x2b
              CoreFoundation`+[NSTimeZone systemTimeZone]+0x21f
              CoreFoundation`+[NSTimeZone defaultTimeZone]+0x42
              CoreFoundation`CFTimeZoneCopyDefault+0x25
              LaunchServices`asString(void const*)+0xab1

Comment 7

[Haik Aftandilian [:haik]]

I couldn't find any reason to grant read access to KSInstallAction paths in current or older macOS releases so I'm removing the regex granting access.

Comment 8

[Pulsebot]

Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d31b2cbd89ec
MT_safe_localtime generates incorrect value in sandboxed content process r=handyman

Comment 9

[Bogdan Tara[:bogdan_tara | bogdant]]

https://hg.mozilla.org/mozilla-central/rev/d31b2cbd89ec

Comment 10

[Georg Koppen]

I am curious, why does this block bug 1560574 given that the latter is a Windows-only issue and this one is a macOS-only one?

Comment 11

[Gary Chen [:xeonchen]]

(In reply to Georg Koppen from comment #10)

I am curious, why does this block bug 1560574 given that the latter is a Windows-only issue and this one is a macOS-only one?

Good question :)

The patch I made in bug 1560574 fixes the scenario under Windows environment, however it also makes a regression that macOS always displays GMT timezone when RFP is disabled unless this bug is being fixed.