Bug 942695 (desktop-seccomp-ongoing)

Tracking bug for tightening the seccomp-bpf whitelist for Linux Desktop

Status: NEW (Unassigned)
Type: defect
Reported: 6 years ago; last modified: 2 years ago
Reporter: ckerschb
Keywords: meta
Firefox Tracking Flags: Not tracked

Details
Currently the seccomp filter that the sandboxing uses to allow syscalls [1] relies on a very open whitelist that allows Firefox to run using that sandbox. Over time, we want to eliminate dangerous syscalls from that whitelist; definitely the following (probably even more):

  open
  prctl
  access
  unlink
  fsync
  socketpair
  sendmsg  
  socket
  chmod
  execve
  rename
  symlink
  connect
  quotactl
  kill
  sendto

For more information, please also see [2].

[1] http://mxr.mozilla.org/mozilla-central/source/security/sandbox/linux/seccomp_filter.h
[2] https://wiki.mozilla.org/FoxInABox
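What "tightening the whitelist" means in practice, as an added example that is not Firefox code and not the filter from seccomp_filter.h: a minimal seccomp-bpf whitelist installed the same way Sandbox.cpp installs its filter (PR_SET_NO_NEW_PRIVS, then PR_SET_SECCOMP with SECCOMP_MODE_FILTER), plus a fork-based probe that reports whether a given syscall survives the filter. The function and variable names (build_whitelist, install_whitelist, probe_under_whitelist, demo_allow) and the three-entry demo whitelist are this example's own choices. Every syscall not on the list, including open, socket, execve and kill from the list above, terminates the calling thread with SIGSYS.

```c
/* Added example (not Firefox code): a minimal seccomp-bpf syscall whitelist
 * and a probe for it. Linux only; names are the example's own. */
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

long syscall(long number, ...);   /* glibc prototype, repeated in case _GNU_SOURCE was not in effect */

#if defined(__x86_64__)
#define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define FILTER_ARCH AUDIT_ARCH_I386
#elif defined(__aarch64__)
#define FILTER_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#define MAX_INSNS 64
#define MAX_ALLOWED (MAX_INSNS - 6)   /* 6 fixed instructions plus one compare per entry */

/* Emit a filter that kills the thread on any syscall whose number is not in allow[].
 * Layout: [LD arch][JEQ arch ? +1 : +0][RET KILL][LD nr][JEQ allow[k] ? ALLOW]...[RET KILL][RET ALLOW]
 * Returns the instruction count, or -1 if the list does not fit. */
static int build_whitelist(const int *allow, size_t n, struct sock_filter *out, size_t cap)
{
    if (n > MAX_ALLOWED || n + 6 > cap) return -1;
    size_t i = 0;
    /* Refuse syscalls made through another ABI (e.g. int 0x80 on x86_64); their
       numbers would otherwise be matched against the wrong syscall table. */
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++) {
        /* On a match, skip the remaining compares and the KILL to land on ALLOW. */
        out[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (unsigned)allow[k], (unsigned char)(n - k), 0);
    }
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    out[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return (int)i;
}

/* Install the whitelist in the calling process; same two prctl calls as Sandbox.cpp. */
static int install_whitelist(const int *allow, size_t n)
{
    struct sock_filter insns[MAX_INSNS];
    int len = build_whitelist(allow, n, insns, MAX_INSNS);
    if (len < 0) return -1;
    struct sock_fprog prog = { .len = (unsigned short)len, .filter = insns };
    /* Required for an unprivileged process to install a filter; it also prevents
       escaping the filter through a setuid execve. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0)) return -1;
    return 0;
}

/* Fork, install the whitelist in the child, and issue syscall nr with zero arguments.
 * Returns 1 if the filter killed the child (SIGSYS), 0 if the call went through and
 * the child exited normally, -1 if the probe itself failed. */
int probe_under_whitelist(const int *allow, size_t n, long nr)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        (void)setrlimit(RLIMIT_CORE, &no_core);   /* a SIGSYS kill would otherwise dump core */
        if (install_whitelist(allow, n) != 0) _exit(2);
        (void)syscall(nr, 0, 0, 0);               /* dies here if nr is not whitelisted */
        _exit(0);                                 /* exit_group, so it must be whitelisted too */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0;
    return -1;
}

/* Demo whitelist (constructed for this example): exit_group so the child can exit,
 * getpid as a harmless allowed call, write so a real program could still print. */
const int demo_allow[] = { SYS_exit_group, SYS_getpid, SYS_write };
const size_t demo_allow_len = sizeof(demo_allow) / sizeof(demo_allow[0]);

int main(void)
{
    const struct { const char *name; long nr; } probes[] = {
        { "getpid", SYS_getpid }, { "socket", SYS_socket },
        { "execve", SYS_execve }, { "kill", SYS_kill },
    };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        int r = probe_under_whitelist(demo_allow, demo_allow_len, probes[i].nr);
        printf("%-7s -> %s\n", probes[i].name,
               r == 1 ? "killed by SIGSYS" : r == 0 ? "allowed" : "probe failed");
    }
    return 0;
}
```

Build with `cc -o whitelist whitelist.c` on Linux and run it unprivileged. Removing an entry from demo_allow is exactly the operation this bug tracks for Firefox's real filter: the probe turns from "allowed" to "killed by SIGSYS" for that syscall, and the work is then finding every code path in the content process that still makes the call and either brokering it or removing it.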
Probably obvious, but here are the steps to get started working on sandboxing for Linux desktop:

> Update your .mozconfig and add those two lines:
    ac_add_options --enable-content-sandbox
    ac_add_options --enable-content-sandbox-reporter

> Enable e10s. Do this in about:config by setting:
     browser.tabs.remote = true;
  then restart your browser.

> You can apply the following patch to send the child process to sleep for 120 seconds.
  Use the 'ps' command to find the process ID, and then attach gdb once the process wakes up.

--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -138,16 +138,21 @@ InstallSyscallFilter(void)
 {
   if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
     return 1;
   }
 
   if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &seccomp_prog, 0, 0)) {
     return 1;
   }
+
+  printf("\n\n going to sleep...\n\n");
+  sleep(120);
+  printf("\n\n waking up ...\n\n");
+
   return 0;
 }
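Review bot: the sleep is added after the prctl(PR_SET_SECCOMP, ...) call succeeds, so the printf (a write syscall) and sleep (nanosleep or clock_nanosleep) run under the freshly installed filter; if either syscall is not on the whitelist the child is killed with SIGSYS before anyone can attach gdb. Either move the three added lines above the PR_SET_SECCOMP prctl, or confirm those syscalls are whitelisted. The hunk also calls printf and sleep without showing the corresponding <stdio.h> and <unistd.h> includes, and a hard-coded 120-second delay is debugging-only code; guard it with an environment variable or #ifdef so it cannot land in the tree by accident.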
(Reporter) Updated 6 years ago: Depends on: 936274
(Reporter) Updated 6 years ago: Depends on: 942696
(Reporter) Updated 6 years ago: Depends on: 942698
(Reporter) Updated 6 years ago: Blocks: 925570

Move process sandboxing bugs to their new, separate component.

(Sorry for the bugspam; filter on 3c21328c-8cfb-4819-9d88-f6e965067350.)
Component: Security → Security: Process Sandboxing
Alias: desktop-seccomp-ongoing
Keywords: meta