Closed Bug 943774 Opened 11 years ago Closed 11 years ago

The crash reporter doesn't work on seccomp-enabled non-profiling B2G builds.

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla28

People

(Reporter: jld, Assigned: jld)

References

Details

Attachments

(1 file, 1 obsolete file)

bug943774-sandbox-allow-sigaction-hg0.diff 11 years ago Jed Davis [:jld] ⟨⏰\|UTC-7⟩ ⟦he/him⟧ 1.74 KB, patch		Details \| Diff \| Splinter Review
bug943774-sandbox-allow-sigaction-hg1.diff 11 years ago Jed Davis [:jld] ⟨⏰\|UTC-7⟩ ⟦he/him⟧ 1.74 KB, patch	kang : review+	Details \| Diff \| Splinter Review

Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧

Assignee

Description

•

11 years ago

Breakpad calls sigaction in its signal handler; among other uses, it checks that nothing else cleared its SA_SIGINFO flag before proceeding. If we kill the process at that point, we don't get a crash dump. We currently allow sigaction on profiling builds and only profiling builds, meaning that production builds don't produce crash dumps when sandboxed, which is bad. In the exciting future of bug 920372, we'd be able to allow sigaction to be used to read the signal disposition but not change it — however, we'd also have to modify both Breakpad and the IPC code that determines whether an exited child crashed (and maybe more things I'm not thinking of yet) in order to avoid recursive crashes. In the less exciting present: Allowing a process to change its signal handlers doesn't grant it access to resources it doesn't already have, so it seems to me that allowing it is an acceptable risk (and certainly a much smaller risk than other interfaces we're already allowing with the expectation of restricting them later).

Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧

Assignee

Comment 1

•

11 years ago

Attached patch bug943774-sandbox-allow-sigaction-hg0.diff (obsolete) — Details — Splinter Review

Attachment #8339132 - Flags: review?(gdestuynder)

Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧

Assignee

Comment 2

•

11 years ago

Attached patch bug943774-sandbox-allow-sigaction-hg1.diff — Details — Splinter Review

Fix obvious mistake in preprocessor directives.

Attachment #8339132 - Attachment is obsolete: true

Attachment #8339132 - Flags: review?(gdestuynder)

Attachment #8339181 - Flags: review?(gdestuynder)

Guillaume Destuynder [:kang] [this account is no longer active]

Comment 3

•

11 years ago

Comment on attachment 8339181 [details] [diff] [review] bug943774-sandbox-allow-sigaction-hg1.diff Review of attachment 8339181 [details] [diff] [review]: ----------------------------------------------------------------- yes, sigaction is ok.

Attachment #8339181 - Flags: review?(gdestuynder) → review+

Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧

Assignee

Comment 4

•

11 years ago

→ b2g-inbound.

Keywords: checkin-needed

Ryan VanderMeulen [:RyanVM]

Comment 5

•

11 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/fdd48523bfbe

Keywords: checkin-needed

Carsten Book [:Tomcat]

Comment 6

•

11 years ago

https://hg.mozilla.org/mozilla-central/rev/fdd48523bfbe

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → FIXED

Target Milestone: --- → mozilla28

You need to log in before you can comment on or make changes to this bug.

bug943774-sandbox-allow-sigaction-hg0.diff 11 years ago Jed Davis [:jld] ⟨⏰\|UTC-7⟩ ⟦he/him⟧ 1.74 KB, patch		Details \| Diff \| Splinter Review
bug943774-sandbox-allow-sigaction-hg1.diff 11 years ago Jed Davis [:jld] ⟨⏰\|UTC-7⟩ ⟦he/him⟧ 1.74 KB, patch	kang : review+	Details \| Diff \| Splinter Review

Bugzilla

Quick Search

The crash reporter doesn't work on seccomp-enabled non-profiling B2G builds.

Categories

(Core :: Security, defect)

Tracking

()

People

(Reporter: jld, Assigned: jld)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file, 1 obsolete file)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type