Bug 1581239 - Verify that sandboxed processes' access to /proc/self/fd is blocked. r=jld

Differential Revision: https://phabricator.services.mozilla.com/D46815 --HG-- extra : moz-landing-system : lando
2024-11-26 14:22:01 +00:00 · 2019-10-18 01:12:38 +00:00 · 2019-10-18 01:12:38 +00:00 · c92f1fd819
commit c92f1fd819
parent 1f9f60bf3d
1 changed files with 15 additions and 0 deletions
--- a/security/sandbox/test/browser_content_sandbox_fs.js
+++ b/security/sandbox/test/browser_content_sandbox_fs.js
@ -423,6 +423,21 @@ async function testFileAccess() {
    }
  }

+  // Test /proc/self/fd, because that can be used to unfreeze
+  // frozen shared memory.
+  if (isLinux()) {
+    let selfFdDir = GetDir("/proc/self/fd");
+
+    tests.push({
+      desc: "/proc/self/fd",
+      ok: false,
+      browser: webBrowser,
+      file: selfFdDir,
+      minLevel: isContentFileIOSandboxed(),
+      func: readDir,
+    });
+  }
+
  if (isMac()) {
    // Test if we can read from $TMPDIR because we expect it
    // to be within /private/var. Reading from it should be