firefox & pledge debugging

firefox & pledge debugging

Landry Breuil-5
Hi,

so i've had various reports from confused ppl about pledge in firefox.
Here's more info on how you can be helpful when reporting issues:

The default pledges are set in about:config (via
www/mozilla-firefox/files/all-openbsd.js) and are:

pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr");
pref("security.sandbox.pledge.content","stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");

Those are the ones you can tweak for now via about:config at runtime (or vi
~/.mozilla/firefox/$YOURPROFILE/prefs.js if it doesn't start)

If you want to disable a pledge, put a random invalid string in the config key.
Of course, you'll get zero support from me.

I've been using those without issues for the past two weeks, but always in a
desktop environment (Xfce). For some of you who don't run desktop sessions and
have no dbus-daemon running, maybe you should start it somehow within your
session, otherwise the content process seems to try spawning it via glib at the
first use, and gets killed as it has no 'proc' or 'exec' rights. Tough luck.

If you get an abort from pledge, collect:
- what you were doing, on which website, etc etc
- firefox stdout, to figure out the various processes/pids running
- what process was killed, for which syscall (ie in dmesg)
- have a look at ~/firefox.core via egdb, try to get a meaningful trace of the
  codepath that triggered the pledge. There might be dragons/hidden signal
  handlers.
- try to reproduce the crash inside ktrace/kdump (ie start ffx via 'ktrace -di
  -t cp -- firefox', thx kn@)
- the codebase is huge, but try to figure out where that codepath is.
  https://dxr.mozilla.org/mozilla-release/source/ is here for that
- try adding a missing pledge. There are already many (way too many, some might
  say), but maybe some are missing for valid usecases. I don't know, i don't
  have such usecases. Those WFM.

All that to say, please try to figure out stuff by yourself before sending me
sparse info that won't help at all.

Thx

Landry


Re: firefox & pledge debugging

Stuart Henderson
"Right-click, save page as" fails every time here. The main process is
killed with getpw pledge.

Debug information below, but considering the main process already
has things like rpath and exec, I don't think "read-only opening of
files in /etc for the getpwnam(3), getgrnam(3), getgrouplist(3), and
initgroups(3) family of functions" makes things any worse, so OK to add
getpw?

Index: Makefile
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/Makefile,v
retrieving revision 1.350
diff -u -p -r1.350 Makefile
--- Makefile 11 May 2018 20:09:01 -0000 1.350
+++ Makefile 16 May 2018 12:13:08 -0000
@@ -9,6 +9,7 @@ MOZILLA_VERSION = 60.0
 MOZILLA_BRANCH = release
 MOZILLA_PROJECT = firefox
 MOZILLA_CODENAME = browser
+REVISION = 0
 
 WRKDIST = ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/b[0-9]*//}
 HOMEPAGE = https://www.mozilla.org/firefox/
Index: files/all-openbsd.js
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/files/all-openbsd.js,v
retrieving revision 1.5
diff -u -p -r1.5 all-openbsd.js
--- files/all-openbsd.js 11 May 2018 20:00:57 -0000 1.5
+++ files/all-openbsd.js 16 May 2018 12:13:08 -0000
@@ -7,7 +7,7 @@ pref("browser.safebrowsing.malware.enabl
 pref("spellchecker.dictionary_path", "${LOCALBASE}/share/mozilla-dicts/");
 // enable pledging the content process
 pref("security.sandbox.content.level", 1);
-pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr");
+pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw");
 pref("security.sandbox.pledge.content","stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
 pref("extensions.pocket.enabled", false);
 pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
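
Review bot: the + line for security.sandbox.pledge.main appends getpw with no comment saying why, and the only comment in this hunk ("// enable pledging the content process") is about the content process. A one-line comment above the main pref recording that the GTK file chooser reaches getpwnam(3) through g_get_user_name() (frames #2 to #15 of the backtrace in this message) would tell whoever trims this promise list later what breaks without it. Leaving security.sandbox.pledge.content unchanged is consistent with the report that it is the main process that gets killed.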


 89056 firefox  RET   kbind 0
 89056 firefox  RET   clock_gettime 0
 89056 firefox  CALL  kbind(0x7f7ffffcb360,24,0x93525348bc1e3741)
 89056 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x10207f88da68)
 89056 firefox  RET   clock_gettime 0
 89056 firefox  RET   kbind 0
 89056 firefox  CALL  getfsstat(0,0,0x2<MNT_SYNCHRONOUS>)
 89056 firefox  RET   getfsstat 19/0x13
 89056 firefox  CALL  getfsstat(0x1020ebd0a000,0x2a28,0x2<MNT_SYNCHRONOUS>)
 89056 firefox  RET   getfsstat 19/0x13
 89056 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x10207f88dcb8)
 89056 firefox  RET   clock_gettime 0
 89056 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x10207f88da68)
 89056 firefox  RET   clock_gettime 0
 89056 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x10207f88dcb8)
 89056 firefox  RET   clock_gettime 0
 89056 firefox  CALL  kbind(0x7f7ffffcb360,24,0x93525348bc1e3741)
 89056 firefox  RET   kbind 0
 89056 firefox  CALL  kbind(0x7f7ffffcb260,24,0x93525348bc1e3741)
 89056 firefox  RET   kbind 0
 89056 firefox  CALL  kbind(0x7f7ffffcb260,24,0x93525348bc1e3741)
 89056 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x10207f88e7a8)
 89056 firefox  RET   kbind 0
 89056 firefox  RET   clock_gettime 0
 89056 firefox  CALL  kbind(0x7f7ffffcb1b0,24,0x93525348bc1e3741)
 89056 firefox  RET   kbind 0
 89056 firefox  CALL  access(0x10212d275380,0x4<R_OK>)
 89056 firefox  PLDG  access, "getpw", errno 0 Undefined error: 0

Here's the first couple of dozen entries in backtrace, I didn't bother
with the other 68.

(gdb) bt
#0  access () at -:3
#1  0x000001e893898d54 in __initdb (shadow=0) at /usr/src/lib/libc/gen/getpwent.c:922
#2  0x000001e89389966e in getpwnam_internal (name=0x7f7ffffe0310 "sthen", pw=0x7f7ffffdc080, buf=0x1e7e8b62000 '\337' <repeats 199 times>, <incomplete sequence \337>..., buflen=1024, pwretp=0x7f7ffffdc0c8, shadow=0) at /usr/src/lib/libc/gen/getpwent.c:710
#3  0x000001e7a134dc29 in g_get_user_database_entry () at gutils.c:657
#4  0x000001e7a134db69 in g_get_user_name () at gutils.c:764
#5  0x000001e7d0859e7c in g_unix_mount_guess_should_display (mount_entry=0x1e84795bfc0) at gunixmounts.c:2697
#6  0x000001e7d0858254 in _g_unix_mount_new (volume_monitor=0x1e7a1b3f9e0, mount_entry=0x1e84795bfc0, volume=0x0) at gunixmount.c:122
#7  0x000001e7d085c020 in update_mounts (monitor=<optimized out>) at gunixvolumemonitor.c:404
#8  0x000001e856ead95a in g_type_create_instance (type=<optimized out>) at gtype.c:1866
#9  0x000001e856e9ad44 in g_object_new_internal (class=0x1e7c84a7600, params=0x0, n_params=0) at gobject.c:1799
#10 0x000001e856e9a561 in g_object_new_with_properties (object_type=<optimized out>, n_properties=0, names=<optimized out>, values=<optimized out>) at gobject.c:1967
#11 g_object_new (object_type=2094304143488, first_property_name=<optimized out>) at gobject.c:1639
#12 0x000001e7d07ef49c in populate_union_monitor (union_monitor=0x1e7ab59d490) at gunionvolumemonitor.c:519
#13 g_volume_monitor_get () at gunionvolumemonitor.c:571
#14 0x000001e7f20b101e in create_volume_monitor (sidebar=0x1e7bc67d300) at gtkplacessidebar.c:3994
#15 gtk_places_sidebar_init (sidebar=0x1e7bc67d300) at gtkplacessidebar.c:4051
#16 0x000001e856ead95a in g_type_create_instance (type=<optimized out>) at gtype.c:1866
#17 0x000001e856e9ad44 in g_object_new_internal (class=0x1e82ed6f000, params=0x0, n_params=0) at gobject.c:1799
#18 0x000001e856e9b28e in g_object_newv (object_type=2097542873344, n_parameters=0, parameters=0x0) at gobject.c:2036
#19 0x000001e7f1f3b8d5 in _gtk_builder_construct (builder=0x1e8468f0f90, info=0x1e7e0137520, error=0x7f7ffffdc750) at gtkbuilder.c:718
#20 0x000001e7f1f41057 in parse_custom (context=<optimized out>, element_name=<optimized out>, names=<optimized out>, values=<optimized out>, data=<optimized out>, error=0x7f7ffffdc750) at gtkbuilderparser.c:878
#21 start_element (context=0x1e7a37a1a00, element_name=0x1e864a64de0 "style", names=<optimized out>, values=0x7f7ffffdc710, user_data=0x1e815fb3d00, error=0x7f7ffffdc750) at gtkbuilderparser.c:985
#22 0x000001e7a131c79e in emit_start_element (context=0x1e7a37a1a00, error=0x7f7ffffdc898) at gmarkup.c:1041
#23 0x000001e7a131aec9 in g_markup_parse_context_parse (context=0x1e7a37a1a00, text=<optimized out>, text_len=<optimized out>, error=0x7f7ffffdc898) at gmarkup.c:1388
#24 0x000001e7f1f3fcb5 in _gtk_builder_parser_parse_buffer (builder=0x1e8468f0f90, filename=<optimized out>,
    buffer=0x1e7a77b6000 "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<interface domain=\"gtk30\">\n  <!-- interface-requires gtk+ 3.10 -->\n  <!-- interface-requires gtkprivate 3.10 -->\n  <template class=\"GtkFileChooserWidget\" parent="..., length=28921, requested_objs=0x0, error=0x7f7ffffdc898)
    at gtkbuilderparser.c:1261

Maybe another clue, if I add the pledge I get a few of these printed
after the point where it was killed by pledge:

(firefox:45264): Gtk-WARNING **: 13:15:59.648: Failed to measure available space: The specified location is not supported
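
Added example (not part of either message or of the ports tree): a small sh/awk filter for the kdump text format shown in the trace above, reporting each PLDG record with its pid, syscall, missing promise and the last CALL that pid made. The function names and the pid 12345 line in the sample are made up for this example; the pid 89056 lines are copied from the trace in this thread.

```sh
#!/bin/sh
# Summarise pledge violations found in kdump(1) text output on stdin.
# One line per violation: pid, process, syscall, promise, last CALL of that pid.
pledge_violations() {
    awk '
    $3 == "CALL" {
        # Remember the most recent syscall entry separately for each pid,
        # since "ktrace -di" output interleaves several processes.
        line = $0
        sub(/^.*CALL[ \t]+/, "", line)
        last_call[$1] = line
    }
    $3 == "PLDG" {
        # Record format as seen in the thread: PLDG  access, "getpw", errno 0 ...
        sc = $4; sub(/,$/, "", sc)
        promise = $5; gsub(/[",]/, "", promise)
        printf "pid=%s proc=%s syscall=%s missing=%s last_call=%s\n",
               $1, $2, sc, promise, last_call[$1]
    }'
}

# Deduplicated list of promises named in violations: the candidates to review
# against the security.sandbox.pledge.* prefs.
missing_promises() {
    pledge_violations | sed -n 's/.* missing=\([^ ]*\) .*/\1/p' | sort -u
}

# Sample input. The 89056 lines are an excerpt of the trace posted above;
# the 12345 line is constructed to show that CALLs are tracked per pid.
sample_trace() {
    cat <<'EOF'
 89056 firefox  CALL  getfsstat(0x1020ebd0a000,0x2a28,0x2<MNT_SYNCHRONOUS>)
 89056 firefox  RET   getfsstat 19/0x13
 89056 firefox  CALL  kbind(0x7f7ffffcb1b0,24,0x93525348bc1e3741)
 89056 firefox  RET   kbind 0
 89056 firefox  CALL  access(0x10212d275380,0x4<R_OK>)
 12345 firefox  CALL  read(0x5,0x7f7ffffd0000,0x1000)
 89056 firefox  PLDG  access, "getpw", errno 0 Undefined error: 0
EOF
}

sample_trace | pledge_violations
```

On a real capture, feed it the output of kdump run in the directory holding the ktrace.out produced by the ktrace invocation quoted in the first message.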