948779 - B2G with Nuwa starts sandbox before uid/gid privs are dropped

Status: RESOLVED DUPLICATE of bug 967967

(Core :: IPC, defect)

Description

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

The fix for bug 921817 isn't quite right with Nuwa enabled — we seem to reach that code with mOSPrivileges == base::PRIVILEGES_DEFAULT while the process has uid 0, even for a preallocated process (which is supposed to have uid 0 at that point).  This results in enabling the sandbox before calling setuid/setgid, which aren't in the whitelist.

We appear to bypass Nuwa if a preallocated grandchild process isn't available, so I don't know what should happen in the non-prealloc-Nuwa case.

Also, the app crash seems to make the homescreen completely unusable and requires a Gecko restart or reboot, but that may be a separate bug.

Comment 1

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Oops.  Bug 967967 is the same issue.  I *thought* it seemed familiar when I was investigating it.  Dup'ing onto the newer bug because it has more up-to-date discussion and, more importantly, the fix.