Closed Bug 1383888 Opened 7 years ago Closed 7 years ago

readlinkat is unconditionally allowed in content processes

Categories

(Core :: Security: Process Sandboxing, defect, P2)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
Unspecified
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla56
Tracking Flags:
Tracking Status
firefox57 --- fixed

People

(Reporter: jld, Assigned: jld)

References

Details

(Whiteboard: sb+)

Attachments

(1 file)

Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink().
(deleted), text/x-review-board-request
gcp
: review+
Details
readlink is intercepted and passed to the file broker, but readlinkat is still allowed with any arguments; basically, this means that "read access restrictions" don't apply to readlink. If it's used only with AT_FDCWD, then it should be a simple change to handle it the same way as the other *at syscalls.
Flags: needinfo?(jld)
Whiteboard: sb+
Target Milestone: --- → mozilla56
Priority: -- → P2
Assignee: nobody → jld
Flags: needinfo?(jld)
Comment on attachment 8901387 [details] Bug 1383888 - Restrict sandboxed readlinkat() the same as readlink(). https://reviewboard.mozilla.org/r/172842/#review179626
Attachment #8901387 - Flags: review?(gpascutto) → review+
Pushed by jedavis@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/59db725def82 Restrict sandboxed readlinkat() the same as readlink(). r=gcp
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: