diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -699,10 +699,18 @@
   Maybe<ResultExpr> EvaluateSocketCall(int aCall,
                                        bool aHasArgs) const override {
     switch (aCall) {
       case SYS_RECVMSG:
       case SYS_SENDMSG:
+        // These next four aren't needed for IPC or other core
+        // functionality at the time of this writing, but they're
+        // subsets of recvmsg/sendmsg so there's nothing gained by not
+        // allowing them here (and simplifying subclasses).
+      case SYS_RECVFROM:
+      case SYS_SENDTO:
+      case SYS_RECV:
+      case SYS_SEND:
         return Some(Allow());
 
       case SYS_SOCKETPAIR: {
         // We try to allow "safe" (always connected) socketpairs when using the
         // file broker, or for content processes, but we may need to fall back
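Review bot: The comment on the four added cases justifies them as subsets of recvmsg/sendmsg, which holds only while `SYS_RECVMSG` and `SYS_SENDMSG` are themselves allowed without argument checks in this common policy. If either is later narrowed (flags, destination address), these four would quietly become the wider path, so the comment should record the coupling, e.g. `// Keep in step with recvmsg/sendmsg: if those are ever filtered, filter these the same way.` Because this is the base policy, the four calls are also granted to every subclass that delegates here, not only the two whose cases are removed later in this patch; the commit message should say which policies gain them. The body of EvaluateSocketCall continues outside the hunk.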
@@ -1253,12 +1261,10 @@
   ~ContentSandboxPolicy() override = default;
 
   Maybe<ResultExpr> EvaluateSocketCall(int aCall,
                                        bool aHasArgs) const override {
     switch (aCall) {
-      case SYS_RECVFROM:
-      case SYS_SENDTO:
       case SYS_SENDMMSG:  // libresolv via libasyncns; see bug 1355274
         return Some(Allow());
 
 #ifdef ANDROID
       case SYS_SOCKET:
@@ -1268,18 +1274,21 @@
       case SYS_CONNECT:
         if (BelowLevel(4)) {
           return Some(Allow());
         }
         return SandboxPolicyCommon::EvaluateSocketCall(aCall, aHasArgs);
-      case SYS_RECV:
-      case SYS_SEND:
+
+        // FIXME (bug 1761134): sockopts should be filtered
       case SYS_GETSOCKOPT:
       case SYS_SETSOCKOPT:
+        // These next 3 were needed for X11; they may not be needed
+        // with X11 lockdown, but there's not much attack surface here.
       case SYS_GETSOCKNAME:
       case SYS_GETPEERNAME:
       case SYS_SHUTDOWN:
         return Some(Allow());
+
       case SYS_ACCEPT:
       case SYS_ACCEPT4:
         if (mUsingRenderDoc) {
           return Some(Allow());
         }
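Review bot: The new FIXME above `SYS_GETSOCKOPT` heads a five-case fallthrough group, so it is not obvious from the code that it covers only the two sockopt calls, and "These next 3" will go stale as soon as a case is inserted. Naming the calls keeps both comments accurate: `// FIXME (bug 1761134): getsockopt/setsockopt are allowed for any level/optname; they should be filtered` and `// getsockname/getpeername/shutdown were needed for X11; ...`. The FIXME could also note that an argument filter presumably applies only when `aHasArgs` is true, since that decides what the follow-up can check. The switch starts and ends outside the hunk.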
@@ -1908,26 +1917,19 @@
   }
 
   Maybe<ResultExpr> EvaluateSocketCall(int aCall,
                                        bool aHasArgs) const override {
     switch (aCall) {
+      case SYS_SOCKET:
+      case SYS_CONNECT:
       case SYS_BIND:
         return Some(Allow());
 
-      case SYS_SOCKET:
-        return Some(Allow());
-
-      case SYS_CONNECT:
-        return Some(Allow());
-
-      case SYS_RECVFROM:
-      case SYS_SENDTO:
+        // FIXME(bug 1641401) do we really need this?
       case SYS_SENDMMSG:
         return Some(Allow());
 
-      case SYS_RECV:
-      case SYS_SEND:
       case SYS_GETSOCKOPT:
       case SYS_SETSOCKOPT:
       case SYS_GETSOCKNAME:
       case SYS_GETPEERNAME:
       case SYS_SHUTDOWN:
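Review bot: Dropping `SYS_RECVFROM`, `SYS_SENDTO`, `SYS_RECV` and `SYS_SEND` from this switch (and from the ContentSandboxPolicy hunk above) preserves behaviour only if the `default:` branch delegates to `SandboxPolicyCommon::EvaluateSocketCall`, and that branch is outside every hunk shown. Please confirm it for both policies, and leave a pointer for readers who look for the calls here, e.g. `// recv/send/recvfrom/sendto: allowed by SandboxPolicyCommon`. Separately, the merged `SYS_SOCKET`/`SYS_CONNECT`/`SYS_BIND` group now allows all three calls with no argument checks and no comment. A one-line reason why this policy needs unrestricted socket creation would match the rationale the patch adds elsewhere. The class name and the end of the switch are outside the hunk.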