The code that's trying to open /etc/utmp, on a phone, from a sandboxed process: NSS, of course. https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/freebl/unix_rand.c#847
@BRIAN_____ @sleevi_ Thanks. I (mercifully) don't actually need to touch this code (yet?); I'm just boggling at the archaicness.
@xlerb @BRIAN_____ Yeah. Wan-Teh and I wanted to simply "require /dev/urandom to always be present on Linux", but some concerns were raised.
@xlerb @BRIAN_____ Might fly now in the midst of the "cleanup all the things" charge of ekr/mt. For better sandbox sprt, let FD be supplied.

New conversation
@BRIAN_____ @xlerb Nah, we just let all of those calls fail, which is fine as long as urandom works. Of course, getting urandom working
@sleevi_ @BRIAN_____ It's “successfully opening” /dev/urandom with help from seccomp-bpf and SCM_RIGHTS; inspired by Chromium.
@xlerb @BRIAN_____ How are you opening? With the fopen() gross hack of Chromium?
@sleevi_ @BRIAN_____ Similar to chromium sandbox/linux/syscall_broker. Linux-only, so no need to work around OS X fd-passing bugs.
@xlerb @BRIAN_____ Hook wasn't for OS X (that's easy to open sandbox). See https://code.google.com/p/chromium/codesearch#chromium/src/sandbox/linux/services/libc_urandom_override.cc&sq=package:chromium&q=fstat64&type=cs&l=1 for the evil we wrought.
@sleevi_ @BRIAN_____ Oh, I see. Yeah, none of that is needed if seccomp-bpf can be required. Fortunately it's not April 2012 anymore. (-:
@xlerb @BRIAN_____ We use defense in depth. setuid + bpf :)
@sleevi_ @BRIAN_____ Or not setuid; if unprivileged user namespaces work, chrome-sandbox can literally be a symlink to /bin/false. (-: