Closed Bug 776840 Opened 12 years ago Closed 11 years ago

Ensure no-rights content processes can't read user data

Categories

(Core :: IPC, defect)

Product:
Core
Component:
IPC
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Project Flags:
blocking-kilimanjaro +
blocking-basecamp -

People

(Reporter: cjones, Assigned: kang)

References

Details

(Whiteboard: [WebAPI:P0][LOE:M]) 

Bug 776647 gets us on the way there.  I noticed with |ls -l| on device that the master b2g process is creating files that store user data with excessive perms, some o+rw and most o+r.  There are three paths to get here
 - fix gecko to umask properly. generally useful, even on "desktop"
 - chroot() the content processes.  This should be doable after bug 776648.
 - with seccomp, lock out open/stat and friends entirely
blocking-basecamp: --- → +
Assignee: nobody → gdestuynder
Whiteboard: [WebAPI:P0]
see bug 776648 for chrooting
seccomp is blocked on having seccomp filter in the shipping device (ie kernel sources), nexus-s kernel support is in bug 790923

marked moco only as it involves issues with a non-released device, feel free to revert
Group: mozilla-corporation-confidential
Whiteboard: [WebAPI:P0] → [WebAPI:P0][LOE:M]
"Not going to make v1, k9o blockers".
blocking-basecamp: + → -
blocking-kilimanjaro: --- → +
Oh, sorry: I ended up looking up a bug # that wasn't this one.  I think this should block.  It's mostly a matter of umask()ing correctly.
blocking-basecamp: - → +
761438 fixes the umask
blocking-basecamp: + → -
Does this bug need to remain private and is there anything left to do?
Flags: needinfo?(jones.chris.g)
Oops, this didn't need to be moco private.  And yeah, we've got this locked down as well as we can with gecko18/b2gv1 technology.
Group: mozilla-corporation-confidential
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: needinfo?(jones.chris.g)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.