Turn X11 access back off in the RDD process
Categories: Core :: Security: Process Sandboxing (task)

Tracking:

| Tracking | Status |
|---|---|
| firefox-esr91 | unaffected |
| firefox101 | unaffected |
| firefox102 | fixed |
| firefox103 | fixed |

People: Reporter: jld, Assigned: jld
References: Blocks 1 open bug
Attachments (1 file): text/x-phabricator-request (deleted); pascalc: approval-mozilla-beta+
Thanks to bug 1769499, the RDD process can now use EGL without needing a connection to the display server (only the ability to open the GPU devices), which means that the X server access added in bug 1769182 can be turned back off (and we won't need to do anything else for Wayland).
Comment 1 (Assignee) • 2 years ago
The patch for bug 1769499 lets the RDD process create a headless EGL
context using GBM, which needs access only to the GPU device files, not
the display server. This means that the X11 access recently added in
bug 1769182 can be turned back off.
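One way to verify on a running build the property comment 1 relies on (the decoder child holds a DRM render node but no display-server socket), added here as an example and not code from this bug or from Firefox: a Python audit over a process's `/proc/<pid>/fd` symlink targets and `ss -xp` output. The process names, pids, socket inodes and both snapshots below are constructed; `read_fd_targets`, `parse_ss_unix` and `audit_fds` are hypothetical helper names.

```python
"""Audit a Linux process's fd table for display-server access versus GPU
render-node access.

Added, hypothetical verification helper (not Firefox or bug 1770523 code).
It consumes two things collected from a live system:
  * the targets of the /proc/<pid>/fd/* symlinks (e.g. `ls -l /proc/<pid>/fd`)
  * `ss -xp` output, used to resolve a client-side unix socket to the path
    of the listening socket it is connected to (a connected client socket
    has no path of its own; only the server end does)
All sample data below is constructed; pids, names and inodes are made up.
"""
import os
import re

SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")
RENDER_NODE_RE = re.compile(r"^/dev/dri/renderD\d+$")
# Display-server sockets: X11 (filesystem or abstract "@" namespace) and Wayland.
DISPLAY_SOCKET_RES = {
    "x11": re.compile(r"^@?/tmp/\.X11-unix/X\d+$"),
    "wayland": re.compile(r"/wayland-\d+$"),
}


def read_fd_targets(pid):
    """Live collection: {fd: symlink target} for /proc/<pid>/fd (needs same uid or root)."""
    fd_dir = f"/proc/{pid}/fd"
    return {int(fd): os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)}


def parse_ss_unix(ss_text):
    """Parse `ss -xp` lines into {local_inode: (local_path, peer_inode)}.

    Columns: Netid State Recv-Q Send-Q LocalAddr LocalInode PeerAddr PeerInode [Process]
    Unnamed sockets show '*' as their address."""
    table = {}
    for line in ss_text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0].startswith("u_"):
            continue  # header or non-unix-socket line
        local_path, local_inode, _peer_path, peer_inode = parts[4:8]
        table[local_inode] = (local_path, peer_inode)
    return table


def connected_server_path(inode, table):
    """Return the bound path of the socket that `inode` is connected to, if any."""
    entry = table.get(inode)
    if entry is None:
        return None
    peer = table.get(entry[1])
    if peer is None or peer[0] == "*":
        return None
    return peer[0]


def classify_display_socket(path):
    """'x11', 'wayland' or None for a resolved unix-socket path."""
    if path is None:
        return None
    for kind, rx in DISPLAY_SOCKET_RES.items():
        if rx.search(path):
            return kind
    return None


def audit_fds(fd_targets, ss_text):
    """Classify fds; 'ok' means no display-server socket and at least one render node."""
    table = parse_ss_unix(ss_text)
    report = {"display_sockets": [], "render_nodes": [], "other_sockets": []}
    for fd, target in sorted(fd_targets.items()):
        m = SOCKET_RE.match(target)
        if m:
            path = connected_server_path(m.group(1), table)
            kind = classify_display_socket(path)
            if kind:
                report["display_sockets"].append((fd, kind, path))
            else:
                report["other_sockets"].append((fd, path))
        elif RENDER_NODE_RE.match(target):
            report["render_nodes"].append((fd, target))
    report["ok"] = not report["display_sockets"] and bool(report["render_nodes"])
    return report


# Constructed `ss -xp` snapshot: the decoder child (pid 4242) has an IPC socket to
# its parent (fd 3) and, in the bad case, an X11 connection (fd 9) to the X server.
SS_SAMPLE = """\
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 10001 * 10002 users:(("decoder",pid=4242,fd=3))
u_str ESTAB 0 0 * 10002 * 10001 users:(("parent",pid=4000,fd=17))
u_str ESTAB 0 0 * 10005 * 10006 users:(("decoder",pid=4242,fd=9))
u_str ESTAB 0 0 /tmp/.X11-unix/X0 10006 * 10005 users:(("Xorg",pid=999,fd=40))
"""

# Constructed fd tables: headless GBM/EGL style (render node only) vs X11 GL style.
HEADLESS_FDS = {0: "/dev/null", 1: "/dev/null", 3: "socket:[10001]", 5: "/dev/dri/renderD128"}
X11_FDS = {**HEADLESS_FDS, 9: "socket:[10005]"}

if __name__ == "__main__":
    for name, fds in (("headless", HEADLESS_FDS), ("x11", X11_FDS)):
        print(name, audit_fds(fds, SS_SAMPLE))
```

Against a live process, call `audit_fds(read_fd_targets(pid), subprocess.check_output(["ss", "-xp"], text=True))`. The address and inode columns this relies on are visible to any user; only the `-p` process column needs privilege for other users' processes. If a socket's peer cannot be resolved, it lands in `other_sockets` with a `None` path, so an unexplained entry there is a reason to look closer rather than a pass.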
Comment 2 (Assignee) • 2 years ago
Note to self: we could perhaps uplift this to 102, because it shouldn't affect anything (VA-API support is preffed off, and I'd have to check the exact times when things landed but I think it's broken either way), and allowing X11 is a significant security issue, even given that the RDD process is less exposed to exploits.
Comment 4 • 2 years ago
Yes, it should be possible to uplift this without problem.
https://hg.mozilla.org/mozilla-central/log?rev=stransky
bug 1724385 (98) started using X11 GL in RDD.
bug 1769499 (102, 2022-05-19) switched from X11 GL to headless GBM GL.
bug 1769182 (102, 2022-05-20) allowed X11 GL in RDD.
bug 1770407 (102, 2022-05-29) removed headless GBM GL and switched to headless MESA_platform_surfaceless GL.
bug 1765350 (103) fixed a MOZ_DIAGNOSTIC_ASSERT.
Comment 5 • 2 years ago
bugherder
Comment 6 (Assignee) • 2 years ago
Comment on attachment 9278989 [details]
Bug 1770523 - Return to not allowing X11 access in the RDD process.
Beta/Release Uplift Approval Request
- User impact if declined: Weaker sandboxing for media decoding on Linux.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This has been on Nightly for over 2 weeks, and it was the status quo for many release cycles before bug 1769182 landed.
Also, while comment #4 correctly documents that the changes which made X11 access unneeded for VA-API are on the 102 branch, and therefore that this is safe to uplift, I should also mention that VA-API is preffed off on 102 (and in fact is still Nightly-only), so there's another layer of protection from regressions.
- String changes made/needed: none
- Is Android affected?: No
Comment 7 • 2 years ago
Comment on attachment 9278989 [details]
Bug 1770523 - Return to not allowing X11 access in the RDD process.
Approved for landing on the beta branch before Monday merge, it will be in the release candidate.
Comment 8 • 2 years ago
bugherder uplift