Allow brk() in the common sandbox policy
Categories
(Core :: Security: Process Sandboxing, defect, P1)
Tracking
Version | Tracking | Status
---|---|---
firefox-esr60 | --- | unaffected
firefox-esr68 | --- | wontfix
firefox68 | --- | wontfix
firefox69 | --- | wontfix
firefox70 | --- | fixed
People
(Reporter: jld, Assigned: gcp)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
47 bytes, text/x-phabricator-request | RyanVM: approval-mozilla-beta-
glibc's malloc will call sbrk, which uses the system call brk. We're allowing this for content and GMP processes, but not RDD. Because it's (potentially) used by malloc, it should be in the common policy.
It would also be nice if we could detect at build time whether we're using our own malloc, so we can make those rules conditional.
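As an added illustration (not code from this bug or from Firefox's sandbox), a minimal seccomp-bpf allowlist in the style of such a policy, evaluated in user space so the effect of leaving brk out can be checked without installing the filter. The four-entry allowlist and the function `policy_action` are constructed for the example, and the filter omits the architecture check a real one performs first.

```c
/* Added example (not Firefox's sandbox code): a minimal seccomp-bpf allowlist of
 * the kind a common policy is built from, evaluated in user space so the effect
 * of leaving brk out of it can be checked without installing the filter. */
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/syscall.h>

/* Layout: [LD nr] [JEQ allowed[0]] .. [JEQ allowed[n-1]] [RET TRAP] [RET ALLOW].
 * A hit jumps straight to RET ALLOW; a miss falls through, and an unlisted
 * syscall reaches RET TRAP (SIGSYS, i.e. the crash in this bug). A real filter
 * checks seccomp_data.arch first; that is omitted here. */
static size_t build_allowlist(struct sock_filter *prog, const int *allowed, size_t n) {
    size_t i = 0;
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++) /* jt = distance from here to RET ALLOW */
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (uint32_t)allowed[k], (uint8_t)(n - k), 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}

/* Interpret the three instruction forms used above for one syscall number. */
static uint32_t run_filter(const struct sock_filter *prog, size_t len, int nr) {
    struct seccomp_data data = { .nr = nr };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (BPF_CLASS(in->code)) {
        case BPF_LD:  acc = *(const uint32_t *)((const char *)&data + in->k); break;
        case BPF_JMP: pc += (acc == in->k) ? in->jt : in->jf; break;
        case BPF_RET: return in->k;
        }
    }
    return (uint32_t)-1; /* ran off the end: malformed program */
}

/* Action for syscall nr under a constructed allowlist, with or without brk.
 * Returns SECCOMP_RET_ALLOW or SECCOMP_RET_TRAP. */
uint32_t policy_action(int nr, int include_brk) {
    struct sock_filter prog[32];
    int allowed[] = { __NR_read, __NR_write, __NR_exit_group, __NR_brk };
    size_t n = sizeof allowed / sizeof allowed[0] - (include_brk ? 0 : 1);
    return run_filter(prog, build_allowlist(prog, allowed, n), nr);
}
```

With brk listed, `policy_action(__NR_brk, 1)` is ALLOW; with it dropped from the list the same call yields TRAP, which is what a glibc malloc or free reaching brk under the RDD policy would hit.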
Comment 1 (Reporter) • 5 years ago
Here's an example, reported in IRC #developers. It's actually free trying to shrink the sbrk heap, but the principle is the same.
Comment 3 • 5 years ago
Comment 4 • 5 years ago
https://treeherder.mozilla.org/#/jobs?repo=try&revision=632813feb83c808288e3c8e839046eaa8e9079c2
Pushed by gpascutto@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2679dd0ac879 Whitelist brk syscall if jemalloc is disabled. r=jld
Comment 6 • 5 years ago
bugherder
Comment 7 • 5 years ago
I assume this is something we're going to want to uplift for the sake of downstream distros?
Comment 8 (Assignee) • 5 years ago
This is riskfree so we can uplift, but I sure as hell hope downstream distros don't disable jemalloc because it would disable a lot of our memory hardening work.
Comment 9 • 5 years ago
Per IRC discussion, it doesn't sound like there's any compelling argument for backport here even though it's effectively NPOTB for builds we ship.
Comment 10 (Assignee) • 5 years ago
Comment on attachment 9085516 [details]
Bug 1573578 - Whitelist brk syscall if jemalloc is disabled. r?jld
Beta/Release Uplift Approval Request
- User impact if declined: Custom builds with jemalloc disabled and the sandbox enabled (this excludes ASAN) can crash.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The code change is not active for our own builds.
- String changes made/needed: