Closed
Bug 1213998
Opened 9 years ago
Closed 7 years ago
chroot content processes on desktop Linux
Categories
(Core :: Security: Process Sandboxing, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla60
| Tracking | Status | |
|---|---|---|
| firefox60 | --- | fixed |
People
(Reporter: jld, Assigned: jld)
References
(Depends on 1 open bug, Blocks 3 open bugs)
Details
(Whiteboard: sb+)
Attachments
(1 file)
This is the desktop version of bug 1151632 — once all filesystem access is brokered (including local-domain sockets), then we can chroot the content process. (It should also be possible to unshare its network namespace at or before that point; if not, we'll need a separate bug, but I'll let whoever gets to that point decide how to handle it.) This will, in addition to being general defense-in-depth, prevent the socketpair/sendmsg interaction described in bug 1066750.
|
||
Updated•9 years ago
|
Whiteboard: sb+
|
Assignee | |
Comment 1•8 years ago
|
||
This might be doable now that filesystem brokering (bug 1289718) has landed. The one problem is if libraries are trying to use named Unix-domain sockets (but not the Linux “abstract namespace” extension; that's scoped to the network namespace instead) after sandbox startup, and I think PulseAudio typically does that.
As for comment #0's optimism about the network namespace: that's going to be blocked by PulseAudio (when configured for a remote audio server) and possibly also WebRTC. And maybe other things I'm forgetting right now. We didn't need direct network access for WebRTC on B2G, but that might have been using platform-specific code that didn't carry over to desktop; this needs more investigation.
Depends on: 1289718
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → jld
Priority: -- → P2
|
|
Assignee | |
Updated•7 years ago
|
| Comment hidden (mozreview-request) |
|
||
Comment 3•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8944637 [details]
Bug 1213998 - Apply chroot() to sandboxed content processes on Linux.
https://reviewboard.mozilla.org/r/214796/#review220576
Attachment #8944637 -
Flags: review?(gpascutto) → review+
|
|
Assignee | |
Updated•7 years ago
|
Priority: P2 → P1
|
||
Comment 4•7 years ago
|
||
We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again.
hg error in cmd: hg rebase -s a0df58d4ff29869d84436e3cde2a2f5f8a8c163f -d d727648d21a1: rebasing 445310:a0df58d4ff29 "Bug 1213998 - Apply chroot() to sandboxed content processes on Linux. r=gcp" (tip)
merging security/sandbox/linux/launch/SandboxLaunch.cpp
warning: conflicts while merging security/sandbox/linux/launch/SandboxLaunch.cpp! (edit, then use 'hg resolve --mark')
unresolved conflicts (see hg resolve, then hg rebase --continue)
| Comment hidden (mozreview-request) |
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/46c4a5ce6e0f
Apply chroot() to sandboxed content processes on Linux. r=gcp
|
||
Comment 7•7 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox60:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
|
||
Updated•6 years ago
|
status-firefox44:
affected → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•