Closed
Bug 1313218
Opened 8 years ago
Closed 8 years ago
LD_PRELOAD libmozsandbox.so instead of linking sandbox shims into plugin-container
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
RESOLVED
FIXED
mozilla52
| Tracking | Status | |
|---|---|---|
| firefox52 | --- | fixed |
People
(Reporter: jld, Assigned: jld)
References
Details
(Whiteboard: sb+)
Attachments
(1 file, 1 obsolete file)
|
(deleted),
patch
|
jld
:
review+
|
Details | Diff | Splinter Review |
(In reply to Mike Hommey [:glandium] from bug 1268733 comment #16) > Couldn't we also just have mozsandbox as a shared library, including the > hooks, and have GeckoChildProcessHost set LD_PRELOAD to point to it? I like this idea, but I didn't want to block bug 1268733 on it, so now it's a followup bug.
|
||
Updated•8 years ago
|
Whiteboard: sb+
|
Assignee | |
Updated•8 years ago
|
OS: Unspecified → Linux
|
|
Assignee | |
Comment 1•8 years ago
|
||
Looks like this needs peers from: sandboxing, build, and IPC.
Attachment #8806726 -
Flags: review?(wmccloskey)
Attachment #8806726 -
Flags: review?(mh+mozilla)
Attachment #8806726 -
Flags: review?(julian.r.hector)
|
||
Comment 2•8 years ago
|
||
Comment on attachment 8806726 [details] [diff] [review] bug1313218-sandbox-preload-hg1.diff Review of attachment 8806726 [details] [diff] [review]: ----------------------------------------------------------------- lgtm.
Attachment #8806726 -
Flags: review?(julian.r.hector) → review+
Attachment #8806726 -
Flags: review?(wmccloskey) → review+
|
||
Comment 3•8 years ago
|
||
Comment on attachment 8806726 [details] [diff] [review] bug1313218-sandbox-preload-hg1.diff Review of attachment 8806726 [details] [diff] [review]: ----------------------------------------------------------------- ::: ipc/glue/GeckoChildProcessHost.cpp @@ +843,5 @@ > > +#if defined(XP_LINUX) && defined(MOZ_SANDBOX) > + // Preload libmozsandbox.so so it can interpose sigprocmask et al. > + // (This could be made conditional on intent to use sandboxing, but > + // it's harmless for non-sandboxed processes.) You could even add that it was loaded before in every case anyways by being linked to the executable. @@ +855,5 @@ > + preload.Append(' '); > + preload.Append(oldPreload); > + } > + // Explicitly construct the std::string to make it clear that this > + // isn't retaining a pointer to the nsCString's buffer. FWIW, other places doing the same thing in the same file don't make it explicit. It's fine to make it explicit, but then, it should be explicit everywhere. Or just don't care and don't make it explicit.
Attachment #8806726 -
Flags: review?(mh+mozilla) → review+
|
|
Assignee | |
Comment 4•8 years ago
|
||
Rebased (trivial conflict with bug 1272062) and adjusted a comment slightly as suggested by glandium.
Attachment #8806726 -
Attachment is obsolete: true
Attachment #8807751 -
Flags: review+
|
|
Assignee | |
Comment 5•8 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=7e4d9785ea0fb19ee237db83767b9026ca4bbcc0 (unsquashed, but the same changes).
Keywords: checkin-needed
Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/97bf97176319 Preload libmozsandbox.so in child processes on Linux. r=tedd r=billm r=glandium
Keywords: checkin-needed
|
||
Comment 7•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/97bf97176319
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in
before you can comment on or make changes to this bug.
Description
•