Closed
Bug 776840
Opened 12 years ago
Closed 11 years ago
Ensure no-rights content processes can't read user data
Categories
(Core :: IPC, defect)
Core
IPC
Tracking
()
RESOLVED
FIXED
People
(Reporter: cjones, Assigned: kang)
References
Details
(Whiteboard: [WebAPI:P0][LOE:M])
Bug 776647 gets us on the way there. I noticed with |ls -l| on device that the master b2g process is creating files that store user data with excessive perms, some o+rw and most o+r. There are three paths to get here - fix gecko to umask properly. generally useful, even on "desktop" - chroot() the content processes. This should be doable after bug 776648. - with seccomp, lock out open/stat and friends entirely
Updated•12 years ago
|
blocking-basecamp: --- → +
Assignee: nobody → gdestuynder
Updated•12 years ago
|
Whiteboard: [WebAPI:P0]
Assignee | ||
Comment 1•12 years ago
|
||
see bug 776648 for chrooting seccomp is blocked on having seccomp filter in the shipping device (ie kernel sources), nexus-s kernel support is in bug 790923 marked moco only as it involves issues with a non-released device, feel free to revert
Group: mozilla-corporation-confidential
Whiteboard: [WebAPI:P0] → [WebAPI:P0][LOE:M]
Comment 2•12 years ago
|
||
"Not going to make v1, k9o blockers".
blocking-basecamp: + → -
blocking-kilimanjaro: --- → +
Reporter | ||
Comment 3•12 years ago
|
||
Oh, sorry: I ended up looking up a bug # that wasn't this one. I think this should block. It's mostly a matter of umask()ing correctly.
blocking-basecamp: - → +
Assignee | ||
Comment 4•12 years ago
|
||
761438 fixes the umask
Updated•12 years ago
|
blocking-basecamp: + → -
Comment 5•11 years ago
|
||
Does this bug need to remain private and is there anything left to do?
Flags: needinfo?(jones.chris.g)
Reporter | ||
Comment 6•11 years ago
|
||
Oops, this didn't need to be moco private. And yeah, we've got this locked down as well as we can with gecko18/b2gv1 technology.
Group: mozilla-corporation-confidential
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: needinfo?(jones.chris.g)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•