Open
Bug 1198401
Opened 9 years ago
Updated 2 years ago
Content process opens time zone data while sandboxed
Categories
(Core :: Security: Process Sandboxing, defect, P3)
Tracking
NEW
| | Tracking | Status |
|---|---|---|
| firefox43 | --- | affected |
People
(Reporter: jld, Unassigned)
References
Details
(Whiteboard: sb+)
Calling localtime() and similar functions causes libc to open the files containing the time zone data. Chromium intercepts the library call and remotes it (https://crbug.com/16800) to avoid this, because they hadn't invented seccomp-bpf yet.
To get bug 930258 landed we can remote the file open instead, but on B2G we'll have to have entries for /system/usr/share/zoneinfo/tzdata and /system//usr/share/zoneinfo/tzdata (with extra slash) because the code that does the open changed in Lollipop[*] and the file broker currently doesn't try to normalize or interpret paths from the (untrusted!) client before checking the policy.
[*] https://android.googlesource.com/platform/bionic.git/+/cf178bf7d0300edfeec3%5E!/
As for desktop, I can *hope* content will only ever need to open "/etc/localtime", but I may be disappointed.
Longer-term we might prefer higher-level remoting like what Chromium does.
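The description above says the file broker checks the client's path string against the policy without normalizing it, which is why both spellings of the tzdata path need entries. The following is an added example, not Mozilla's broker code: it contrasts exact-string matching with a lexical normalization step applied to the untrusted path before the policy lookup. All function names and the sample policy are hypothetical.

```cpp
// Added illustration; not Mozilla's SandboxBroker code. All names are hypothetical.
#include <cstddef>
#include <set>
#include <string>

using Policy = std::set<std::string>;

// Behaviour described in the bug: the client's string is compared as-is.
bool AllowedExact(const Policy& policy, const std::string& path) {
  return policy.count(path) != 0;
}

// Lexical normalization of an untrusted absolute path: collapse repeated
// slashes, drop "." components, and refuse ".." outright rather than resolve
// it (lexical resolution is unsafe when a component may be a symlink).
// Returns false if the path is not acceptable.
bool NormalizePath(const std::string& in, std::string* out) {
  if (in.empty() || in[0] != '/' || in.find('\0') != std::string::npos) {
    return false;
  }
  out->clear();
  std::size_t i = 0;
  while (i < in.size()) {
    while (i < in.size() && in[i] == '/') ++i;  // skip a run of slashes
    std::size_t start = i;
    while (i < in.size() && in[i] != '/') ++i;  // read one component
    std::string comp = in.substr(start, i - start);
    if (comp.empty() || comp == ".") continue;
    if (comp == "..") return false;
    *out += '/';
    *out += comp;
  }
  if (out->empty()) *out = "/";
  return true;
}

// Policy check on the normalized form; one entry covers both spellings.
bool AllowedNormalized(const Policy& policy, const std::string& path) {
  std::string norm;
  return NormalizePath(path, &norm) && policy.count(norm) != 0;
}

// Constructed sample policy using the path named in the bug.
Policy SamplePolicy() {
  return {"/system/usr/share/zoneinfo/tzdata"};
}
```

With exact matching, the double-slash spelling is denied unless it has its own policy entry; with normalization, a single entry covers both spellings and any path containing ".." is refused before the lookup.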
Updated•9 years ago
Whiteboard: sb+
Comment 1•7 years ago
We currently allow /etc access read only.
https://dxr.mozilla.org/mozilla-central/rev/52285ea5e54c73d3ed824544cef2ee3f195f05e6/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp#101
Priority: -- → P3
Updated•2 years ago
Severity: normal → S3