Closed
Bug 1140111
Opened 10 years ago
Closed 10 years ago
readlink() is not white listed by sandbox on Lollipop Gonk
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
People
(Reporter: sotaro, Assigned: jld)
References
Details
Crash Data
Attachments
(1 file)
(deleted),
patch
|
kang
:
review+
sotaro
:
feedback+
bajaj
:
approval-mozilla-b2g37+
|
Details | Diff | Splinter Review |
readlink() is white listed by Bug 974227. But it seems not work on Lollipop Gonk.
See Bug 1137515 comment 14.
Assignee | ||
Comment 2•10 years ago
|
||
Simple patch is simple; rs?(kang).
Sotaro, can you verify that this patch fixes the crash? I have a Lollipop-capable device, but it looks like there are other patches needed to make WebRTC work on Lollipop in order to reproduce this bug.
Assignee: nobody → jld
Attachment #8573646 -
Flags: review?(gdestuynder)
Attachment #8573646 -
Flags: feedback?(sotaro.ikeda.g)
Updated•10 years ago
|
blocking-b2g: 2.2? → 2.2+
Comment on attachment 8573646 [details] [diff] [review]
Patch: whitelist readlinkat.
Review of attachment 8573646 [details] [diff] [review]:
-----------------------------------------------------------------
rather similar risk with both readlink/readlinkat
Attachment #8573646 -
Flags: review?(gdestuynder) → review+
Reporter | ||
Comment 4•10 years ago
|
||
Comment on attachment 8573646 [details] [diff] [review]
Patch: whitelist readlinkat.
Thanks! I confirmed the fix by applying the patch.
Attachment #8573646 -
Flags: feedback?(sotaro.ikeda.g) → feedback+
Assignee | ||
Comment 5•10 years ago
|
||
Component: Security → Security: Process Sandboxing
Keywords: checkin-needed
Comment 6•10 years ago
|
||
Keywords: checkin-needed
Comment 7•10 years ago
|
||
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox39:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Assignee | ||
Updated•10 years ago
|
Crash Signature: [@ libnss3.so@0x2efbb ]
Assignee | ||
Updated•10 years ago
|
Crash Signature: [@ libnss3.so@0x2efbb ] → [@ libnss3.so@0x2efbb ]
[@ readlinkat ]
Reporter | ||
Updated•10 years ago
|
status-b2g-v2.2:
--- → affected
Reporter | ||
Comment 8•10 years ago
|
||
Jed, could the patch be uplifted to b2g v2.2?
Flags: needinfo?(jld)
Updated•10 years ago
|
Assignee | ||
Comment 9•10 years ago
|
||
(In reply to Sotaro Ikeda [:sotaro] from comment #8)
> Jed, could the patch be uplifted to b2g v2.2?
Yes. It will merge more cleanly if the patch from bug 1134942 is uplifted first — and I think we'd need that one on v2.2 as well, if we're supporting Lollipop there?
Flags: needinfo?(jld)
Assignee | ||
Comment 10•10 years ago
|
||
(In reply to Jed Davis [:jld] from comment #9)
> (In reply to Sotaro Ikeda [:sotaro] from comment #8)
> > Jed, could the patch be uplifted to b2g v2.2?
>
> Yes.
…on second thought, I should do a try run to make sure the new syscall names don't break any of the builds; there are some changes to the Chromium headers that I think weren't on the 37 branch.
Reporter | ||
Comment 11•10 years ago
|
||
Yes, lollipos support of b2g-v2.2 is necessary. Bug 1094121 is a meta bug of supporting lollipop.
- Bug 1094121 - (gonk-L) [meta] Android L Porting for B2G
Assignee | ||
Comment 12•10 years ago
|
||
Comment on attachment 8573646 [details] [diff] [review]
Patch: whitelist readlinkat.
NOTE: please apply this patch after the one from bug 1134942 to avoid unnecessary merge conflicts.
[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 1094121
User impact if declined: App crashes and test failures on B2G Lollipop; WebRTC and window.crypto.subtle are known to be affected.
Testing completed: https://treeherder.mozilla.org/#/jobs?repo=try&revision=9f3a4230cd05
Risk to taking this patch (and alternatives if risky): None; it just causes system calls to succeed that would previously result in a crash.
String or UUID changes made by this patch: None.
Attachment #8573646 -
Flags: approval-mozilla-b2g37?
Assignee | ||
Comment 13•10 years ago
|
||
(In reply to Jed Davis [:jld] from comment #12)
> Testing completed:
> https://treeherder.mozilla.org/#/jobs?repo=try&revision=9f3a4230cd05
Also, built locally for nexus-5-l and verified it fixes bug 1141472.
Updated•10 years ago
|
Attachment #8573646 -
Flags: approval-mozilla-b2g37? → approval-mozilla-b2g37+
Comment 14•10 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•