Closed
Bug 971370
Opened 11 years ago
Closed 11 years ago
Errors in seccomp whitelist due to bug in strace (msgget, recv, getdents64)
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla30
People
(Reporter: jld, Assigned: jld)
References
Details
Attachments
(1 file)
|
2.95 KB,
patch
|
kang
:
review+
|
Details | Diff | Splinter Review |
I'm not sure why we're whitelisting msgget. The only code in Gecko that currently uses it is sipcc in webrtc, which doesn't work in any case because of msgsnd/msgrcv (and maybe msgctl?), and there are plans to replace that code (see bug 966547). It seems to be possible to remove it without breaking things — and I can't imagine how it could be useful without the rest of the msg* family — but that should probably be tested a little more.
|
Assignee | |
Comment 1•11 years ago
|
||
Yes, we can. It's a bug in strace. I "enhanced" it to display the syscall numbers along with the names; here are two representative lines:
msgget=263(0x1, 0xbebcfee8, 0, 0x1) = 0
semget=252(0x15, 0xbebcfdc8, 0x10, 0) = 0
Here are the actual syscalls:
#define __NR_clock_gettime (__NR_SYSCALL_BASE+263)
#define __NR_epoll_wait (__NR_SYSCALL_BASE+252)
This would also explain why the mysterious alleged msgget calls continued after de-whitelisting msgget, and why semget (which has never been whitelisted, I think?) appears.
(This might also explain some of the "ptrace: umoven: ..." errors I've seen, if strace's syscall confusion is such that it sometimes treats an argument as a string or otherwise passed in memory when it's not actually a pointer.)
Assignee: nobody → jld
|
|
Assignee | |
Comment 2•11 years ago
|
||
It gets worse.
recv=240(1076905460, ptrace: umoven: I/O error
getdents64=220(0x471e4000, 0x2000, 0x4, 0xb36) = 0
#define __NR_futex (__NR_SYSCALL_BASE+240)
#define __NR_madvise (__NR_SYSCALL_BASE+220)
The getdents64 thing makes sense if it's using the i386 syscall table on ARM (!!!!!), but there's something else going on with everything ipc-related -- I'd guess it's something to do with Linux/i386's multiplexed "ipc" syscall (because i386 syscall 240 is also futex).
I *think* that's all of it.
Summary: Can we remove msgget from the seccomp whitelist? → Errors in seccomp whitelist due to bug in strace (msgget, recv, getdents64)
|
|
Assignee | |
Comment 3•11 years ago
|
||
But we actually do use getdents64.
0 libc.so + 0xc808
1 libc.so!readdir [opendir.c : 145 + 0x5]
2 libxul.so!nsDirEnumeratorUnix::GetNextEntry() [nsLocalFileUnix.cpp : 176 + 0x5]
3 libxul.so!nsDirEnumeratorUnix::Init(nsLocalFile*, bool) [nsLocalFileUnix.cpp : 148 + 0x7]
4 libxul.so!nsLocalFile::GetDirectoryEntries(nsISimpleEnumerator**) [nsLocalFileUnix.cpp : 1722 + 0xb]
5 libxul.so!mozHunspell::LoadDictionariesFromDir(nsIFile*) [mozHunspell.cpp : 470 + 0x3]
6 libxul.so!mozHunspell::LoadDictionaryList() [mozHunspell.cpp : 400 + 0x9]
7 libxul.so!mozHunspell::Init() [mozHunspell.cpp : 124 + 0x3]
8 libxul.so!mozHunspellConstructor [mozSpellCheckerFactory.cpp : 27 + 0xd]
|
|
Assignee | |
Comment 4•11 years ago
|
||
Attachment #8375098 -
Flags: review?(gdestuynder)
Comment on attachment 8375098 [details] [diff] [review]
bug971370-strace-considered-harmful-hg0.diff
Review of attachment 8375098 [details] [diff] [review]:
-----------------------------------------------------------------
yep that strace got me .. :(
Attachment #8375098 -
Flags: review?(gdestuynder) → review+
|
|
Assignee | |
Comment 6•11 years ago
|
||
Try is no more broken than without this patch: https://tbpl.mozilla.org/?tree=Try&rev=1eaa6ae53859
Keywords: checkin-needed
|
||
Comment 7•11 years ago
|
||
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
You need to log in
before you can comment on or make changes to this bug.
Description
•