Closed
Bug 993145
Opened 11 years ago
Closed 11 years ago
Skip sandbox initialization on non-seccomp-capable Linux systems
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla31
| Tracking | Status | |
|---|---|---|
| b2g-v1.2 | --- | unaffected |
| b2g-v1.3 | --- | wontfix |
| b2g-v1.3T | --- | wontfix |
| b2g-v1.4 | --- | affected |
| b2g-v2.0 | --- | affected |
People
(Reporter: jld, Assigned: jld)
References
Details
Attachments
(1 file, 1 obsolete file)
|
1.41 KB,
patch
|
jld
:
review+
|
Details | Diff | Splinter Review |
As a workaround for bug 985775, we could check for seccomp support and, if not present, completely skip sandbox initialization and thus avoid the use of realtime signals that confuses old versions of gdbserver. This would allow us to avoid changing manifests (and potentially introducing breakage) for a large number of pre-KitKat B2G devices.
Method 1. prctl(PR_GET_SECCOMP) will fail with EINVAL if no seccomp support is present. This seems to be the case on Android kernels that haven't specifically been patched for seccomp-bpf.
Method 2. prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr) should work to test more specifically for seccomp-bpf — it will fail with EFAULT if seccomp-bpf is present and EINVAL otherwise. But I don't know that this trick would gain us anything in practice.
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8403034 -
Flags: review?(gdestuynder)
given that this is supposed to be used for desktop too, i would use method 2.
Comment on attachment 8403034 [details] [diff] [review]
bug933145-omit-needless-sandbox-hg0.diff
Review of attachment 8403034 [details] [diff] [review]:
-----------------------------------------------------------------
Other than the method this looks fine
Attachment #8403034 -
Flags: review?(gdestuynder) → review+
|
|
Assignee | |
Comment 4•11 years ago
|
||
(In reply to Guillaume Destuynder [:kang] (use NEEDINFO!) from comment #2)
> given that this is supposed to be used for desktop too, i would use method 2.
On desktop we'll hopefully have a more up-to-date toolchain.
|
|
Assignee | |
Comment 5•11 years ago
|
||
Fixed bug number in commit message; carrying over r+.
Attachment #8403034 -
Attachment is obsolete: true
Attachment #8404293 -
Flags: review+
|
|
Assignee | |
Updated•11 years ago
|
Keywords: checkin-needed
|
||
Comment 6•11 years ago
|
||
Keywords: checkin-needed
|
||
Comment 7•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
You need to log in
before you can comment on or make changes to this bug.
Description
•