Firefox sandboxing syscalls
Kill

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_tgkill | xxxx | | arg(0) == getpid() | | | send a signal to a thread |
| | gcp | HIGH | 2 | __NR_kill | xxxx | DESKTOP | ? can we restrict to 0 | | | block the api and see what breaks |
| | | LOW | | __NR_rt_tgsigqueueinfo | xxxx | DESKTOP | arg(0) == getpid() | | 1275920 | send a signal to a thread with RT queueing stuff |

Get time

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_gettimeofday | xxxx | | | | | |
| | | LOW | | __NR_time | xx | | | | | |
| | | LOW | | __NR_clock_gettime | xxxx | | | whitelist of clocks excludes encoded pid/tid forms | | clockid_t can encode a pid or tid (or fd); should use minimal whitelist or at least block pid/tid forms |
| | | MED | 3 | __NR_clock_getres | xxxx | DESKTOP | | | 1294286 | see clock_gettime |

Current directory

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | MED | | __NR_getcwd | xxxx | DESKTOP | | | | do we need anything here? will fail with ENOENT once we do broker+chroot; could fake it with seccomp-bpf, but, why? |

Umask

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| Audio | gcp | MED | 2 | __NR_umask | xxxx | DESKTOP | | | | block the api and see what breaks |

File system

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_access | xxx | | brokered | broker policy (bug 1289718) | | checking for read access, searching for mime handlers |
| | | LOW | | __NR_faccessat | xxxx | | brokered | broker policy (bug 1289718) | | check user's permissions of a file relative to a directory file descriptor |
| | | HIGH | 2 | __NR_chmod | xxx | DESKTOP | patch ready | | | needs brokering path + flags (no exec) |
| libuim-mozc (JP, IME) | | HIGH | 2 | __NR_link | xxx | DESKTOP | patch ready | | 1285827 | remove or broker? might not happen anymore since "vfork" patch |
| | | LOW | | __NR_lstat | xxx | | brokered | broker policy (bug 1289718) | | |
| Audio | gcp | MED | 2 | __NR_mkdir | xxx | DESKTOP | patch ready | | 1104619 | creating directories in temp, needs brokering |
| WebRTC, NSS, Content | | HIGH | 2, 3 | __NR_open | xxx | | brokered | broker policy (bug 1289718) | 995067, 964500, 922481 | |
| | | HIGH | 2, 3 | __NR_openat | xxxx | | brokered | broker policy (bug 1289718) | | open a file relative to a directory file descriptor |
| | | MED | 3 | __NR_readlink | xxx | | patch ready | | | EINVAL on B2G, (soon) allow on Desktop; broker and see what's using it / why |
| | | MED | 3 | __NR_readlinkat | xxxx | | | | | EINVAL on B2G, (soon) allow on Desktop; broker and see what's using it / why |
| Audio | | HIGH | 2 | __NR_rename | xxx | DESKTOP | patch ready | | 1104619 | needs brokering |
| | | HIGH | 2 | __NR_rmdir | xxx | DESKTOP | patch ready | | | needs brokering |
| | | LOW | | __NR_stat | xxx | | brokered | | | ENOENT (on ASAN) |
| | | LOW | | __NR_stat64 | xx | | brokered | | | ENOENT (on ASAN) |
| | | LOW | | __NR_lstat64 | xx | | brokered | | | |
| | | LOW | | __NR_fstatat64 | xx | | brokered | | | |
| | | LOW | | __NR_newfstatat | xx | | brokered | | | |
| Audio | | HIGH | 2 | __NR_symlink | xxx | DESKTOP | patch ready | broker policy (bug 1289718) | 1104619 | remove or broker? |
| Chromium shmem IPC | | HIGH | 2 | __NR_unlink | xxx | DESKTOP | patch ready | broker policy (bug 1289718) | 1259273 | remove or broker? jld has an idea about tempfiles |
| | | MED | 2 | __NR_utimes | xxx | DESKTOP | removed from wl | | | block the api and see what breaks |
| | | MED | 2 | __NR_utime | xx | | | | 1294528 | jar file related? |
| Graphics | | LOW | | __NR_memfd_create | xxx | DESKTOP | | | 1285507 | should migrate other tempfiles *to* this if possible |
| libfontconfig | | LOW | | __NR_statfs | xxxx | DESKTOP | | | 1276470 | |
| | | LOW | | __NR_statfs64 | xx | DESKTOP | | | | |

File system access via fd

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_fstat | xxxx | | | | | |
| | | LOW | | __NR_fstat64 | xx | | | | | |
| libfontconfig | | LOW | | __NR_fadvise64 | xx | DESKTOP | | | 1286185 | |
| | | LOW | | __NR_fadvise64_64 | x | DESKTOP | | | 1287008 | |
| libfontconfig | | LOW | | __NR_fstatfs | xxxx | DESKTOP | | | 1285293 | |
| | | LOW | | __NR_fstatfs64 | xx | DESKTOP | | | 1285293 | |
| | | LOW | | __NR_fsync | xxxx | | | | | synchronize a file's in-core state with storage device |
| glib, printing | | MED | 4 | __NR_fallocate | xxxx | DESKTOP | | | 1285770 | mitigated by open restrictions |
| | | MED | 4 | __NR_fchmod | xxxx | DESKTOP | | | | |
| | | MED | 4 | __NR_fchown | xxxx | DESKTOP | | | | |
| | | MED | 4 | __NR_ftruncate | xxxx | | | | | |
| Audio | | MED | 4 | __NR_fchown32 | xx | DESKTOP | | | 1286413 | |
| | | MED | 4 | __NR_ftruncate64 | xx | | | | | |
| | | HIGH | 2 | __NR_getdents | xxx | | | | 1294288 | needs investigation |
| | | HIGH | 2 | __NR_getdents64 | xxxx | | | | 1294288 | |
| Graphics | | | | __NR_flock | xxxx | DESKTOP | | | 1295190 | |

Get simple ID

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_getegid | xxxx | | | | | |
| | | LOW | | __NR_geteuid | xxxx | | | | | |
| | | LOW | | __NR_getgid | xxxx | | | | | |
| | | LOW | | __NR_getpid | xxxx | | | | | |
| Graphics | | LOW | | __NR_getppid | xxxx | DESKTOP | return 0 | | 1285768 | |
| | | LOW | | __NR_getresgid | xxxx | DESKTOP | | | | |
| | | LOW | | __NR_gettid | xxxx | | | | | |
| | | LOW | | __NR_getegid32 | x | | | | | |
| | | LOW | | __NR_geteuid32 | x | | | | | |
| | | LOW | | __NR_getgid32 | x | | | | | |
| | | LOW | | __NR_getuid | xxxx | | | | | |
| | | LOW | | __NR_getresuid | xxxx | DESKTOP | | | | |
| | | LOW | | __NR_getresgid32 | xx | DESKTOP | | | | |
| Widget | | LOW | | __NR_getresuid32 | xx | DESKTOP | | | 1285287 | |
| | | LOW | | __NR_getuid32 | xx | | | | | |

Signal handling

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_rt_sigaction | xxxx | | | | | |
| | | LOW | | __NR_sigaction | xx | | | | | |
| | | LOW | | __NR_rt_sigprocmask | xxxx | | | | | |
| | | LOW | | __NR_sigprocmask | xx | | | | | |
| | | LOW | | __NR_rt_sigreturn | xxxx | | | | | |
| | | LOW | | __NR_sigreturn | xx | | | | | |
| | | LOW | | __NR_sigaltstack | xxxx | | | | | |

Operation on fd

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_close | xxxx | | | | | |
| | | LOW | | __NR_dup | xxxx | | | | | |
| | | LOW | | __NR_shutdown | xxx | DESKTOP | | | | should investigate what is using this |
| | | MED | 3 | __NR_fcntl | xxxx | | | | | Warning: you can send signals; investigate which fcntls we actually use |
| | | MED | 3 | __NR_fcntl64 | xx | | | | | whitelisting will probably be enough, but brokering may be possible if needed |

Kernel internal API

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_restart_syscall | xxxx | | | | | "Called" from filter's point of view when process is being debugged |

Process start or death

| Component(s) | Assignee | Risk | Milestone | Syscall | Arch (x86_32 / x86_64 / ARM 32 / ARM 64) | Platform | Restriction Rule | Whitelist | New Work | Comment |
|---|---|---|---|---|---|---|---|---|---|---|
| | | LOW | | __NR_exit | xxxx | | | | | Terminates calling thread |