Re: firefox unveil and gpu pledge

Matthieu Herrb-3
On Sun, Sep 08, 2019 at 11:30:52AM -0500, joshua stein wrote:
> While fixing pledge for Firefox, I looked at adding unveil support
> to limit those big rpath/wpath/cpath pledges that each process still
> has.
>
> I also learned that the GPU process never got a pledge because
> Firefox doesn't do their internal sandboxing for it on any
> non-Windows platform.  This adds a pledge for that process as well,
> though it's not as small as one might hope.
>
Hi,

Thanks for working on this,

imho, it would be great if the unveil paths could obey
the XDG_{CACHE,CONFIG,DATA}_HOME variables.

On machines with NFS shared /home, I use those to keep the crap
in XDG_CACHE_HOME out of NFS and on some machines to keep a
separate configuration.

--
Matthieu Herrb

Re: firefox unveil and gpu pledge

Theo de Raadt-2
Matthieu Herrb <[hidden email]> wrote:

> On Sun, Sep 08, 2019 at 11:30:52AM -0500, joshua stein wrote:
> > While fixing pledge for Firefox, I looked at adding unveil support
> > to limit those big rpath/wpath/cpath pledges that each process still
> > has.
> >
> > I also learned that the GPU process never got a pledge because
> > Firefox doesn't do their internal sandboxing for it on any
> > non-Windows platform.  This adds a pledge for that process as well,
> > though it's not as small as one might hope.
> >
> Hi,
>
> Thanks for working on this,
>
> imho, it would be great if the unveil paths could obey
> the XDG_{CACHE,CONFIG,DATA}_HOME variables.
>
> On machines with NFS shared /home, I use those to keep the crap
> in XDG_CACHE_HOME out of NFS and on some machines to keep a
> separate configuration.

Do be careful, I believe you are getting close to the number of vnodes
unveil will hold.  We could always increase it a little bit.

Also take note, I think pre-execve vnodes can also be loaded and will
stick around.... that might be a concern.
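
The suggestion discussed in this thread, choosing unveil paths from XDG_{CACHE,CONFIG,DATA}_HOME, sketched as an added example; it is not code from the Firefox port or from either poster. The names `xdg_resolve` and `unveil_xdg`, the "rwc" permissions and unveiling each directory whole are assumptions, and the unveil(2) call is compiled only on OpenBSD.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __OpenBSD__
#include <unistd.h>   /* unveil(2) */
#endif

/* Pick the directory for one XDG variable. The XDG Base Directory spec says
 * an unset, empty or relative value is ignored in favour of $HOME/<fallback>.
 * Returns 0 and fills out, or -1 if no absolute path fits in out. */
int xdg_resolve(const char *value, const char *home, const char *fallback,
    char *out, size_t len)
{
	int n;
	if (value != NULL && value[0] == '/')
		n = snprintf(out, len, "%s", value);
	else if (home != NULL && home[0] == '/')
		n = snprintf(out, len, "%s/%s", home, fallback);
	else
		return -1;
	return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Unveil the three XDG directories. Returns how many unveil entries were
 * spent (each one counts against the per-process limit), or -1 on error. */
int unveil_xdg(void)
{
	static const struct { const char *var, *fallback, *perms; } dirs[] = {
		{ "XDG_CACHE_HOME",  ".cache",       "rwc" },  /* perms are assumed */
		{ "XDG_CONFIG_HOME", ".config",      "rwc" },
		{ "XDG_DATA_HOME",   ".local/share", "rwc" },
	};
	char path[1024];
	int used = 0;

	for (size_t i = 0; i < sizeof(dirs) / sizeof(dirs[0]); i++) {
		if (xdg_resolve(getenv(dirs[i].var), getenv("HOME"),
		    dirs[i].fallback, path, sizeof(path)) == -1)
			return -1;
#ifdef __OpenBSD__
		if (unveil(path, dirs[i].perms) == -1)
			return -1;
#endif
		used++;
	}
	return used;
}

int main(void) { printf("unveil entries: %d\n", unveil_xdg()); return 0; }
```

Because the variables are read at startup, whatever environment the launcher passes in decides which directories become visible, so the values are only accepted when absolute.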