[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] Firefox access demands



Am 16.09.2014 um 07:56 schrieb Wolfgang Rosenauer:
> Hi,
> 
> Am 16.09.2014 um 07:44 schrieb Marcus Meissner:
>> On Mon, Sep 15, 2014 at 07:36:41PM +0200, pinguin74 wrote:
>>> Hello,
>>>
>>> I just see, Firefox wants to acces /proc/tty/drivers and asks for PTRACE
>>> use.
>>>
>>> Is it safe to grant this access? What are the risks connected to
>>> accessing these things? Currently Firefox seem to work well without
>>> granting these things...
>>
>> I do not see why it would need it.
>>
>> You can always disable it and see what happens? :)
>>
>> ptrace is dangerous as it allows to control all other processes of
>> the same UID.
> 
> From a very quick scan of the Firefox sources I can find basically two
> possibilities:
> - builtin stack unwinding (in crashreporter/breakpad and ?libstagefright?
> - sandbox (from FF 33 up)

This is obviously only the Mozilla code. The access could be done from an
external lib as well I guess.


Wolfgang

-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx