Socket process crashes on startup if Linux sandbox disabled via pref
Categories
(Core :: Networking, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox75 | --- | unaffected |
firefox76 | --- | disabled |
firefox77 | --- | fixed |
People
(Reporter: jld, Assigned: jld)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [necko-triaged])
Attachments
(1 file)
The socket process sandbox is enabled at launch time if the pref security.sandbox.socket.process.level
is 1 and the env var MOZ_DISABLE_SOCKET_PROCESS_SANDBOX
isn't set.
However, the child process itself is sent InitLinuxSandbox
unconditionally; the sandboxing code checks the env var only, because it's copying code that goes back to the B2G content sandbox and desktop GMP sandbox, neither of which was ever controlled by prefs. (Also, that file can't call into prefs code because it's in the wrong linkage unit.)
As a result, if the socket process sandbox is disabled by changing the pref (or never having set it, as in bug 1621601), the process crashes on startup when it tries to start sandboxing and fails an assertion.
I have a patch to fix this.
Assignee | ||
Updated•4 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Comment 1•4 years ago
|
||
I saw this crash on try.
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=295656490&repo=try&lineNumber=7118
It'd be great to have this fixed. Thanks.
Assignee | ||
Comment 2•4 years ago
|
||
Assignee | ||
Comment 3•4 years ago
•
|
||
I have a Try run where tests fail (without my patch) and one where they succeed (with the patch).
(Edited for clarity.)
Updated•4 years ago
|
Comment 4•4 years ago
|
||
Hey Michael, are you still available to review this patch?
Comment 5•4 years ago
|
||
I apologize for the delay! I completely lost track of that request.
Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4f69ccd82391 Avoid socket process crash on startup when its sandbox is disabled by pref on Linux. r=mjf,necko-reviewers
Comment 7•4 years ago
|
||
bugherder |
Updated•4 years ago
|
Updated•4 years ago
|
Description
•