Closed Bug 993145 Opened 10 years ago Closed 10 years ago

Skip sandbox initialization on non-seccomp-capable Linux systems

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla31
Tracking Flags:
Tracking Status
b2g-v1.2 --- unaffected
b2g-v1.3 --- wontfix
b2g-v1.3T --- wontfix
b2g-v1.4 --- affected
b2g-v2.0 --- affected

People

(Reporter: jld, Assigned: jld)

References

Details

Attachments

(1 file, 1 obsolete file)

bug993145-omit-needless-sandbox-hg1.diff
1.41 KB, patch
jld
: review+
Details | Diff | Splinter Review 
As a workaround for bug 985775, we could check for seccomp support and, if not present, completely skip sandbox initialization and thus avoid the use of realtime signals that confuses old versions of gdbserver.  This would allow us to avoid changing manifests (and potentially introducing breakage) for a large number of pre-KitKat B2G devices.

Method 1. prctl(PR_GET_SECCOMP) will fail with EINVAL if no seccomp support is present.  This seems to be the case on Android kernels that haven't specifically been patched for seccomp-bpf.

Method 2. prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr) should work to test more specifically for seccomp-bpf — it will fail with EFAULT if seccomp-bpf is present and EINVAL otherwise.  But I don't know that this trick would gain us anything in practice.

        Attachment #8403034 -
        Flags: review?(gdestuynder)

    
    

    
  
given that this is supposed to be used for desktop too, i would use method 2.

    
    

    
  
Comment on attachment 8403034 [details] [diff] [review]
bug933145-omit-needless-sandbox-hg0.diff

Review of attachment 8403034 [details] [diff] [review]:
-----------------------------------------------------------------

Other than the method this looks fine

        Attachment #8403034 -
        Flags: review?(gdestuynder) → review+

    
    

    
  
(In reply to Guillaume Destuynder [:kang] (use NEEDINFO!) from comment #2)
> given that this is supposed to be used for desktop too, i would use method 2.

On desktop we'll hopefully have a more up-to-date toolchain.

    
    

    
  


  
Fixed bug number in commit message; carrying over r+.

        Attachment #8403034 -
        Attachment is obsolete: true

        Attachment #8404293 -
        Flags: review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/d0137753c9d6
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: