Open Bug 1441993 Opened 7 years ago Updated 3 years ago

Block priority-inheriting futexes in sandboxed processes if possible

Categories

(Core :: Security: Process Sandboxing, enhancement, P3)

Unspecified
Linux
enhancement

People

(Reporter: jld, Unassigned)

References

Details

There have been security bugs in priority-inheriting futexes in the past, and I don't think we actually use them, so we should consider using seccomp-bpf to limit the exposed attack surface of futex().
Priority: -- → P3
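To make the seccomp-bpf idea in the description concrete, here is an added illustration (not Firefox's sandbox code and not from this bug): a filter that fails every priority-inheriting futex() command with EPERM while leaving the ordinary commands untouched, plus a probe that installs the filter in a forked child and reports what a FUTEX_LOCK_PI and a FUTEX_WAKE then return. The filter is installed in the child so the calling process is not affected. It assumes Linux with seccomp filter support and a little-endian CPU, since it reads the low 32 bits of the 64-bit "op" argument; the futex word used by the probe is constructed for the example.

```c
/* Added example, not Firefox's sandbox code: a seccomp-bpf filter that fails
 * the priority-inheriting futex() commands with EPERM while leaving the plain
 * ones (FUTEX_WAIT/FUTEX_WAKE/...) alone.  Assumes Linux with seccomp filter
 * support and a little-endian CPU (the filter reads the low 32 bits of the
 * 64-bit "op" argument). */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/futex.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Install the filter in the calling process.  Returns 0 on success. */
static int install_pi_futex_filter(void)
{
    struct sock_filter filter[] = {
        /* 0: A = syscall number */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* 1: not futex()? jump to ALLOW (index 10) */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_futex, 0, 8),
        /* 2-3: A = op argument with FUTEX_PRIVATE_FLAG/FUTEX_CLOCK_REALTIME stripped */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_STMT(BPF_ALU | BPF_AND | BPF_K, (unsigned int)FUTEX_CMD_MASK),
        /* 4-8: any PI command jumps to ERRNO (index 9); anything else falls to ALLOW */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FUTEX_LOCK_PI, 4, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FUTEX_UNLOCK_PI, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FUTEX_TRYLOCK_PI, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FUTEX_WAIT_REQUEUE_PI, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FUTEX_CMP_REQUEUE_PI, 0, 1),
        /* 9: reject with EPERM */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* 10: allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };

    /* An unprivileged process may only install a filter after no_new_privs. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a child that installs the filter and probes futex() with a PI command
 * and a plain one.  Each errno (0 = call succeeded) is sent back over a pipe.
 * Returns 0 if the probe ran, -1 on pipe/fork/filter failure. */
static int probe_filtered_futex(int *pi_errno, int *plain_errno)
{
    int fds[2], r[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(fds[0]);
        r[0] = r[1] = -1;
        if (install_pi_futex_filter() == 0) {
            unsigned int word = 0;   /* constructed: an unlocked futex word */
            /* Unfiltered, FUTEX_LOCK_PI on an unlocked word would simply succeed. */
            errno = 0;
            r[0] = syscall(SYS_futex, &word, FUTEX_LOCK_PI | FUTEX_PRIVATE_FLAG,
                           0, NULL, NULL, 0) == 0 ? 0 : errno;
            /* FUTEX_WAKE with nobody waiting returns 0 and must still be allowed. */
            errno = 0;
            r[1] = syscall(SYS_futex, &word, FUTEX_WAKE | FUTEX_PRIVATE_FLAG,
                           1, NULL, NULL, 0) >= 0 ? 0 : errno;
        }
        if (write(fds[1], r, sizeof r) != (ssize_t)sizeof r)
            _exit(1);
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], r, sizeof r);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof r || r[0] < 0 || r[1] < 0)
        return -1;
    *pi_errno = r[0];
    *plain_errno = r[1];
    return 0;
}

/* 1 if PI commands are rejected with EPERM and plain commands still work. */
static int pi_futex_blocked(void)
{
    int pi = 0, plain = 0;
    return probe_filtered_futex(&pi, &plain) == 0 && pi == EPERM && plain == 0;
}

int main(void)
{
    int pi = 0, plain = 0;
    if (probe_filtered_futex(&pi, &plain) != 0) {
        perror("probe");
        return 1;
    }
    printf("FUTEX_LOCK_PI -> errno %d (%s)\n", pi, pi == EPERM ? "blocked" : "not blocked");
    printf("FUTEX_WAKE    -> errno %d (%s)\n", plain, plain == 0 ? "allowed" : "blocked");
    return pi == EPERM && plain == 0 ? 0 : 1;
}
```

Two caveats for anyone adapting this: a real filter should check the architecture field of seccomp_data before trusting the syscall number, and kernels from 5.14 onward add a further PI command, FUTEX_LOCK_PI2, which such a filter would need to cover as well; the trade-off this bug's later comments raise (sandboxed media threads wanting PI futexes to obtain realtime priority) is exactly why the list of blocked commands has to be decided per process type rather than globally.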

More recently, some of the media people have discussed (ab)using priority-inheriting futexes to transfer realtime priority into a sandboxed process (because sandboxing needs to block DBus which prevents asking RTkit directly, and RTkit will grant realtime priority only to a thread in the process that actually made the request, and my understanding is that having realtime priority for threads handling audio data is empirically a noticeable improvement). So we might not want to do this; note that the kernel bug that inspired this bug was fixed many years ago.

There has been a new vulnerability exploiting PI futexes in the Linux kernel that allows non-root users to execute kernel-space code: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3347

Severity: minor → S4