Closed
Bug 776648
Opened 12 years ago
Closed 11 years ago
Pass needed fds to child process through fd remap after fork()
Categories
(Core :: IPC, defect)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: cjones, Assigned: kang)
References
Details
(Whiteboard: [WebAPI:P0][LOE:M])
There are some files that no-rights content processes need access to, like omni.ja. When we fork the content process, we should hand it these fds beforehand, before we cut off their access to the file system. Assigning to Guillaume because he has most of the code to do this already.
Updated•12 years ago
|
blocking-basecamp: --- → ?
Whiteboard: [blocked-on-input]
Comment 1•12 years ago
|
||
I forget why we're blocked on input here. Can anyone enlighten me?
Updated•12 years ago
|
blocking-basecamp: ? → +
Updated•12 years ago
|
Whiteboard: [blocked-on-input] → [blocked-on-input] [WebAPI:P0]
Assignee | ||
Comment 2•12 years ago
|
||
For omni.jar (grepOmni and appOmni) i only found it in XRE_InitCommandLine() at gecko/toolkit/xre/nsAppRunner.cpp. Ie, that's opened from the child process instead of passing a FD. I initialize the sandbox (which cuts off access to the filesystem) inside ContentProcess::Init(), after mContent.InitXPCOM(), which, as far as I understand, is run after XRE_InitCommandLine() If not, the sandbox that cuts off file system access can be initialized elsewhere, too. Once initialized we just can't go back. We can also initialize it before exec'ing the child process (the restrictions are inherited), but that means all fds need to be opened and passed before hand, which might be a quite large code modification. Additionally, apps like the camera attempt to open: /vendor/lib/hw/camera.herring.so and /vendor/lib/libs3cjpeg.so (Nexus S) I'm auditing them with: strace -p <PID> -xx -s64 -e trace=file And the regular: ls -l /proc/<PID>/fd/ For open fds.
Assignee | ||
Updated•12 years ago
|
Whiteboard: [blocked-on-input] [WebAPI:P0] → [blocked-on-input] [WebAPI:P0][LOE:M]
Comment 3•12 years ago
|
||
Clearing blocked-on-input since I have no idea why I put it there :)
Whiteboard: [blocked-on-input] [WebAPI:P0][LOE:M] → [WebAPI:P0][LOE:M]
Comment 4•12 years ago
|
||
discussed - "Not going to make v1, k9o blockers".
blocking-basecamp: + → -
blocking-kilimanjaro: --- → +
Reporter | ||
Comment 5•12 years ago
|
||
This is needed for OS level strong sandboxing, which won't make v1.
Assignee | ||
Comment 6•11 years ago
|
||
this is AFAIK no longer needed. the privileges are set after the process has been started and initialized, effectively giving us a similar security level. see also bug 862082 and bug 790923 as usual, feel free to reopen if this becomes an issue, or if desktop sandboxing for other platforms needs it (in this case, please change the assignee as well)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•