Bug 1014107 (Closed)
Opened 11 years ago, closed 8 years ago
open("/proc/cpuinfo") in Skia breaks seccomp
Categories: Core :: Security: Process Sandboxing, defect
Status: RESOLVED WONTFIX
People: Reporter: arroway, Unassigned
Whiteboard: sb-

Description
In gfx/skia/trunk/src/core/SkUtilsArm.cpp, the function sk_cpu_arm_check_neon opens "/cpu/procinfo". 
It also calls android_getCpuFeatures performing the same kind of action on Android.
It looks like it is yet another external library we can't modify to manually remote open calls (cf gfx/skia/README_MOZILLA).

Comment 1 • 10 years ago
Move process sandboxing bugs to their new, separate component.
(Sorry for the bugspam; filter on 3c21328c-8cfb-4819-9d88-f6e965067350.)
Component: Security → Security: Process Sandboxing

Updated • 9 years ago
Whiteboard: sb-

Updated • 9 years ago
Summary: open("/cpu/procinfo") in Skia breaks seccomp → open("/proc/cpuinfo") in Skia breaks seccomp

Comment 2 • 9 years ago
With recent Skia updates, we have modified Skia to use our own mozilla::supports_neon() call instead of using Skia's own checking. This theoretically should resolve this problem on Android builds. Does it look okay now?
Flags: needinfo?(stephouillon)

Comment 3 • 9 years ago (Reporter)
Julian, could you have a look? I looked quickly at the code, but I'm behind regarding the last changes in the sandbox. Please forward if you know a better person.
Thx!
Flags: needinfo?(stephouillon) → needinfo?(julian.r.hector)

Comment 4 • 9 years ago
Sure, I can take a look, but how can it violate seccomp? Unless it is the b2g emulator, all the other platforms either don't have seccomp enabled or sys_open() is whitelisted. Where did you encounter this?
Flags: needinfo?(julian.r.hector) → needinfo?(stephouillon)

Comment 5 • 9 years ago
This is one of the B2G “reduce filesystem whitelist” bugs — it's an issue that's not breaking things currently, but it would block removing a whitelist entry.  Rewording the summaries for this kind of bug might make that clearer.

Comment 6 • 9 years ago
Ok thanks :jld, I think this is not an issue right now, and we probably have to handle sys_open slightly differently on desktop.
Flags: needinfo?(stephouillon)

Comment 7 • 8 years ago
B2G-specific sandboxing bugs are WONTFIX.  (I'm reasonably sure these bugs don't have implications for other platforms, but comment if I missed something.)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX