gecko-dev/security/sandbox/linux
Jed Davis 9bdbd2d99f Bug 1438389 - Quietly disallow chown() in sandboxed content processes. r=gcp
Also covers fchownat() and attempts to be ready for newer archs like ARM64.

Bonus fix: extend bug 1354731 (mknod) fix to cover mknodat so this part
of the policy isn't glaringly inconsistent about "at" syscalls.

Tested locally by attaching gdb and injecting syscalls.

MozReview-Commit-ID: CCOk0jZVoG4

--HG--
extra : rebase_source : 1d0cafd9d91586eaec0233ff15b3bbb1ef7485f0
2018-02-15 16:10:00 -07:00
broker Bug 1386404 - Use the full tmpdir finding logic. r=jld 2018-01-30 21:31:07 +01:00
glue Bug 1435483 part 16. Switch to using dom::Exception, not nsIException, in C++ code. r=qdot 2018-02-05 16:34:05 -05:00
gtest Bug 1401062 - Delete the old namespace/chroot code and reorganize sandbox init. r=gcp 2017-08-31 20:38:25 -06:00
interfaces Bug 1286865 - Step 2: Add XPCOM bindings for sandbox syscall reporter. r=gcp r=glandium 2017-01-30 18:50:41 -07:00
launch Bug 1436882 - Fix termination signal when clone()ing child processes. r=gcp 2018-02-08 17:30:03 -07:00
reporter Bug 1328896 - Restrict fcntl() in sandboxed content processes. r=gcp 2017-07-24 17:33:07 -06:00
LinuxSched.h
moz.build Bug 1386019 - Also remove ALSA-related sandbox rules if ALSA is remoted. r=gcp 2018-01-23 22:37:45 -07:00
Sandbox.cpp Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs. r=gcp 2018-01-23 22:35:44 -07:00
Sandbox.h Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs. r=gcp 2018-01-23 22:35:44 -07:00
SandboxBrokerClient.cpp Backed out 3 changesets (bug 1380701, bug 1384804) 2017-08-24 15:02:48 -06:00
SandboxBrokerClient.h Backed out 3 changesets (bug 1380701, bug 1384804) 2017-08-24 15:02:48 -06:00
SandboxChrootProto.h Bug 1401062 - Create Linux child processes with clone() for namespace/chroot sandboxing. r=gcp 2017-10-06 17:16:41 -06:00
SandboxFilter.cpp Bug 1438389 - Quietly disallow chown() in sandboxed content processes. r=gcp 2018-02-15 16:10:00 -07:00
SandboxFilter.h Bug 1126437 - Reorganize content sandbox params extracted from libxul APIs. r=gcp 2018-01-23 22:35:44 -07:00
SandboxFilterUtil.cpp Bug 1425274 - Filter socketpair() in content sandbox on 32-bit x86 with new-enough kernels. r=gcp 2018-01-29 17:36:06 -07:00
SandboxFilterUtil.h Bug 1425274 - Filter socketpair() in content sandbox on 32-bit x86 with new-enough kernels. r=gcp 2018-01-29 17:36:06 -07:00
SandboxHooks.cpp Bug 1376910 - Remove SysV IPC access from Linux content sandbox when possible. r=gcp 2018-01-26 19:43:10 -07:00
SandboxInfo.cpp Bug 1434528 - Adjust sandbox feature detection to deal with Ubuntu guest accounts. r=gcp 2018-02-08 17:46:42 -07:00
SandboxInfo.h Backed out 1 changesets (bug 1365257) for failing gl in \build\build\src\obj-firefox\dist\include\mozilla/ServoStyleSet.h:97 r=backout on a CLOSED TREE 2017-11-10 19:23:58 +02:00
SandboxInternal.h
SandboxLogging.cpp
SandboxLogging.h
SandboxOpenedFiles.cpp Bug 1372428 - Extend file pre-opening for sandboxed media plugins. r=gcp 2017-07-07 08:58:50 -06:00
SandboxOpenedFiles.h Bug 1372428 - Extend file pre-opening for sandboxed media plugins. r=gcp 2017-07-07 08:58:50 -06:00
SandboxReporterClient.cpp Bug 1401062 - Avoid doing sandbox-related things to unsandboxed child processes. r=gcp 2018-01-09 19:54:56 -07:00
SandboxReporterClient.h Bug 1401062 - Avoid doing sandbox-related things to unsandboxed child processes. r=gcp 2018-01-09 19:54:56 -07:00