firefox, sndiod and pledge

firefox, sndiod and pledge

Hrvoje Popovski
Hi all,

i'm not sure if this is intended or not, but if sndiod isn't running and
i want to open a youtube video with firefox, i get this log
firefox[54192]: pledge "tty", syscall 54
and firefox crashes ....
when sndiod is running everything seems fine ..


from kdump
 70068 firefox  CALL  ioctl(56,AUDIO_STOP,0x1)
 70068 firefox  PLDG  ioctl, "tty", errno 1 Operation not permitted


from gdb
(gdb) bt
#0  ioctl () at -:3
#1  0x00001ad9e350858e in sio_sun_fdopen (fd=31, mode=1, nbio=1) at
/usr/src/lib/libsndio/sio_sun.c:326
#2  0x00001ad9e3508626 in _sio_sun_open (str=Variable "str" is not
available.
) at /usr/src/lib/libsndio/sio_sun.c:345
#3  0x00001ada4916e16b in WebPGetColorPalette () from
/usr/local/lib/firefox/libxul.so.84.0
#4  0x00001ada4916d47d in WebPGetColorPalette () from
/usr/local/lib/firefox/libxul.so.84.0
#5  0x00001ada47f0f415 in std::__1::__murmur2_or_cityhash<unsigned long,
64ul>::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
#6  0x00001ada47f0f2d2 in std::__1::__murmur2_or_cityhash<unsigned long,
64ul>::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
#7  0x00001ada480bdb0c in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#8  0x00001ada480bca8a in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#9  0x00001ada480bf915 in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#10 0x00001ada480c60e9 in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#11 0x00001ada47f63ada in std::__1::__split_buffer<int*,
std::__1::allocator<int*>&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#12 0x00001ada47f5dc46 in std::__1::__split_buffer<int*,
std::__1::allocator<int*>&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#13 0x00001ada47f5da7b in std::__1::__split_buffer<int*,
std::__1::allocator<int*>&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#14 0x00001ada47f9047d in std::__1::__split_buffer<int*,
std::__1::allocator<int*>&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#15 0x00001ada461232f8 in std::__1::function<void ()(long long)>::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#16 0x00001ada46120f51 in std::__1::function<void ()(long long)>::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#17 0x00001ada46134a3e in std::__1::function<void ()(long long)>::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#18 0x00001ada46134b9b in std::__1::function<void ()(long long)>::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#19 0x00001ada46130c32 in std::__1::function<void ()(long long)>::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#20 0x00001ada46133271 in std::__1::function<void ()(long long)>::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#21 0x00001ada4655eb47 in std::__1::vector<int, std::__1::allocator<int>
>::__append () from /usr/local/lib/firefox/libxul.so.84.0
#22 0x00001ada464dc85f in std::__1::vector<std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char> >,
std::__1::allocator<std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char> > >
>::insert<std::__1::__wrap_iter<std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char> >*> > () from
/usr/local/lib/firefox/libxul.so.84.0
#23 0x00001ada4612e92d in std::__1::function<void ()(long long)>::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#24 0x00001adaa590c0a9 in _pt_root (arg=0x1adab98c4100) at ptthread.c:201
#25 0x00001adac18e2771 in _rthread_start (v=Variable "v" is not available.
) at /usr/src/lib/librthread/rthread.c:96
#26 0x00001ada973897c8 in __tfork_thread () at
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
#27 0x0000000000000000 in ?? ()
Current language:  auto; currently asm
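
An added example, not part of the original post: a small triage script that pairs each kdump `PLDG` record with the preceding `CALL` from the same pid, so the denied request (here `AUDIO_STOP`) is reported rather than only the promise name in the kernel message. The function names are hypothetical, and the pid 41000 lines are constructed to show interleaved output.

```python
import re
from collections import Counter

# Sample input: the CALL/PLDG pair and the three dmesg lines are quoted from
# the thread; the pid 41000 lines are constructed to show interleaving.
KDUMP = """\
 70068 firefox  CALL  ioctl(56,AUDIO_STOP,0x1)
 41000 firefox  CALL  read(12,0x7f7ffffd1000,0x1000)
 41000 firefox  RET   read 4096/0x1000
 70068 firefox  PLDG  ioctl, "tty", errno 1 Operation not permitted
"""
DMESG = """\
firefox[19425]: pledge "tty", syscall 54
firefox[82871]: pledge "tty", syscall 54
firefox[54192]: pledge "tty", syscall 54
"""

CALL_RE = re.compile(r'^\s*(\d+)\s+(\S+)\s+CALL\s+(\w+)\((.*)\)\s*$')
PLDG_RE = re.compile(r'^\s*(\d+)\s+(\S+)\s+PLDG\s+(\w+),\s+"([^"]*)",\s+errno\s+(\d+)')
DMESG_RE = re.compile(r'^(\S+)\[(\d+)\]: pledge "([^"]*)", syscall (\d+)')


def kdump_violations(text):
    """Return one dict per PLDG record, joined with that pid's last CALL."""
    last_call = {}   # pid -> (syscall name, argument list)
    found = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:
            pid, _proc, name, args = m.groups()
            # Naive comma split: enough for ioctl(fd, request, arg) records.
            last_call[pid] = (name, [a.strip() for a in args.split(",")])
            continue
        m = PLDG_RE.match(line)
        if not m:
            continue
        pid, proc, name, promise, errno = m.groups()
        call = last_call.get(pid)
        # Only trust the pairing when the syscall names agree.
        args = call[1] if call and call[0] == name else []
        request = args[1] if name == "ioctl" and len(args) > 1 else None
        found.append({"pid": int(pid), "proc": proc, "syscall": name,
                      "promise": promise, "errno": int(errno),
                      "request": request})
    return found


def dmesg_summary(text):
    """Count kernel pledge messages by (process, promise, syscall number)."""
    counts = Counter()
    for line in text.splitlines():
        m = DMESG_RE.match(line)
        if m:
            proc, _pid, promise, sysno = m.groups()
            counts[(proc, promise, int(sysno))] += 1
    return counts


if __name__ == "__main__":
    for v in kdump_violations(KDUMP):
        print("{proc}[{pid}]: {syscall} request={request} denied, "
              "kernel reported promise \"{promise}\" (errno {errno})".format(**v))
    for key, n in dmesg_summary(DMESG).items():
        print(key, n)
```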


Re: firefox, sndiod and pledge

Solene Rapenne
On Thu, May 30, 2019 at 10:41:39AM +0200, Hrvoje Popovski wrote:
> Hi all,
>
> i'm not sure is this intended or not, but if sndiod isn't running and if
> i want to open youtube video with firefox i got this log
> firefox[54192]: pledge "tty", syscall 54 and firefox crashes ....
> when sndiod is running everything seems fine ..
>
>

which firefox package and version on which openbsd version?


Re: firefox, sndiod and pledge

Hrvoje Popovski
On 30.5.2019. 10:48, Solene Rapenne wrote:

> On Thu, May 30, 2019 at 10:41:39AM +0200, Hrvoje Popovski wrote:
>> Hi all,
>>
>> i'm not sure is this intended or not, but if sndiod isn't running and if
>> i want to open youtube video with firefox i got this log
>> firefox[54192]: pledge "tty", syscall 54 and firefox crashes ....
>> when sndiod is running everything seems fine ..
>>
>>
>
> which firefox package and version on which openbsd version?

i have installed gnome and desktop stuff a few days ago just to see how it
works :) i'm not much of an openbsd desktop user


firefox-67.0        Mozilla web browser

OpenBSD 6.5-current (GENERIC.MP) #51: Wed May 29 19:46:38 MDT 2019
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
firefox[19425]: pledge "tty", syscall 54
firefox[82871]: pledge "tty", syscall 54
firefox[54192]: pledge "tty", syscall 54


Re: firefox, sndiod and pledge

Theo de Raadt-2
In reply to this post by Hrvoje Popovski
firefox privilege separation is very rough.  The code was written as an
afterthought, and it clearly has many cases where processes perform
operations directly.

I expect the response will be to add pledge "audio" to permit those
ioctls, and in time the firefox processes will have essentially all
pledges.  It is a tremendously long line.  The addition of each pledge
admits the program isn't a privsep design, and the advertised isolation
isn't that great.

Reports of these pledge failures could be used by upstream to improve
the separation -- moving the operations to better processes.  But I
doubt that will happen.

Adding privsep to programs after the fact is very difficult.

> i'm not sure is this intended or not, but if sndiod isn't running and if
> i want to open youtube video with firefox i got this log
> firefox[54192]: pledge "tty", syscall 54 and firefox crashes ....
> when sndiod is running everything seems fine ..
>
>
> from kdump
>  70068 firefox  CALL  ioctl(56,AUDIO_STOP,0x1)
>  70068 firefox  PLDG  ioctl, "tty", errno 1 Operation not permitted
>
>
> from gdb
> (gdb) bt
> #0  ioctl () at -:3
> #1  0x00001ad9e350858e in sio_sun_fdopen (fd=31, mode=1, nbio=1) at
> /usr/src/lib/libsndio/sio_sun.c:326
> #2  0x00001ad9e3508626 in _sio_sun_open (str=Variable "str" is not
> available.
> ) at /usr/src/lib/libsndio/sio_sun.c:345
> #3  0x00001ada4916e16b in WebPGetColorPalette () from
> /usr/local/lib/firefox/libxul.so.84.0
> #4  0x00001ada4916d47d in WebPGetColorPalette () from
> /usr/local/lib/firefox/libxul.so.84.0
> #5  0x00001ada47f0f415 in std::__1::__murmur2_or_cityhash<unsigned long,
> 64ul>::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
> #6  0x00001ada47f0f2d2 in std::__1::__murmur2_or_cityhash<unsigned long,
> 64ul>::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
> #7  0x00001ada480bdb0c in
> cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
> /usr/local/lib/firefox/libxul.so.84.0
> #8  0x00001ada480bca8a in
> cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
> /usr/local/lib/firefox/libxul.so.84.0
> #9  0x00001ada480bf915 in
> cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
> /usr/local/lib/firefox/libxul.so.84.0
> #10 0x00001ada480c60e9 in
> cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
> /usr/local/lib/firefox/libxul.so.84.0
> #11 0x00001ada47f63ada in std::__1::__split_buffer<int*,
> std::__1::allocator<int*>&>::push_front () from
> /usr/local/lib/firefox/libxul.so.84.0
> #12 0x00001ada47f5dc46 in std::__1::__split_buffer<int*,
> std::__1::allocator<int*>&>::push_front () from
> /usr/local/lib/firefox/libxul.so.84.0
> #13 0x00001ada47f5da7b in std::__1::__split_buffer<int*,
> std::__1::allocator<int*>&>::push_front () from
> /usr/local/lib/firefox/libxul.so.84.0
> #14 0x00001ada47f9047d in std::__1::__split_buffer<int*,
> std::__1::allocator<int*>&>::push_front () from
> /usr/local/lib/firefox/libxul.so.84.0
> #15 0x00001ada461232f8 in std::__1::function<void ()(long long)>::swap
> () from /usr/local/lib/firefox/libxul.so.84.0
> #16 0x00001ada46120f51 in std::__1::function<void ()(long long)>::swap
> () from /usr/local/lib/firefox/libxul.so.84.0
> #17 0x00001ada46134a3e in std::__1::function<void ()(long long)>::swap
> () from /usr/local/lib/firefox/libxul.so.84.0
> #18 0x00001ada46134b9b in std::__1::function<void ()(long long)>::swap
> () from /usr/local/lib/firefox/libxul.so.84.0
> #19 0x00001ada46130c32 in std::__1::function<void ()(long long)>::swap
> () from /usr/local/lib/firefox/libxul.so.84.0
> #20 0x00001ada46133271 in std::__1::function<void ()(long long)>::swap
> () from /usr/local/lib/firefox/libxul.so.84.0
> #21 0x00001ada4655eb47 in std::__1::vector<int, std::__1::allocator<int>
> >::__append () from /usr/local/lib/firefox/libxul.so.84.0
> #22 0x00001ada464dc85f in std::__1::vector<std::__1::basic_string<char,
> std::__1::char_traits<char>, std::__1::allocator<char> >,
> std::__1::allocator<std::__1::basic_string<char,
> std::__1::char_traits<char>, std::__1::allocator<char> > >
> >::insert<std::__1::__wrap_iter<std::__1::basic_string<char,
> std::__1::char_traits<char>, std::__1::allocator<char> >*> > () from
> /usr/local/lib/firefox/libxul.so.84.0
> #23 0x00001ada4612e92d in std::__1::function<void ()(long long)>::swap
> () from /usr/local/lib/firefox/libxul.so.84.0
> #24 0x00001adaa590c0a9 in _pt_root (arg=0x1adab98c4100) at ptthread.c:201
> #25 0x00001adac18e2771 in _rthread_start (v=Variable "v" is not available.
> ) at /usr/src/lib/librthread/rthread.c:96
> #26 0x00001ada973897c8 in __tfork_thread () at
> /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
> #27 0x0000000000000000 in ?? ()
> Current language:  auto; currently asm
>


Re: firefox, sndiod and pledge

Stuart Henderson
In reply to this post by Hrvoje Popovski
On 2019-05-30, Hrvoje Popovski <[hidden email]> wrote:
> Hi all,
>
> i'm not sure is this intended or not, but if sndiod isn't running and if
> i want to open youtube video with firefox i got this log
> firefox[54192]: pledge "tty", syscall 54 and firefox crashes ....
> when sndiod is running everything seems fine ..

Similar with chromium's main process and audio.

Maybe it would be nice if libsndio had an option to say "I'm a pledged
program, error out instead of trying to talk to the device direct
and killing the process" ...

But then again, in both cases (chromium/firefox) the main process already
has a "kitchen-sink" pledge.



Re: firefox, sndiod and pledge

Alexandre Ratchov-2
On Thu, May 30, 2019 at 09:07:45PM -0000, Stuart Henderson wrote:

> On 2019-05-30, Hrvoje Popovski <[hidden email]> wrote:
> > Hi all,
> >
> > i'm not sure is this intended or not, but if sndiod isn't running and if
> > i want to open youtube video with firefox i got this log
> > firefox[54192]: pledge "tty", syscall 54 and firefox crashes ....
> > when sndiod is running everything seems fine ..
>
> Similar with chromium's main process and audio.
>
> Maybe it would be nice if libsndio had an option to say "I'm a pledged
> program, error out instead of trying to talk to the device direct
> and killing the process" ...

I see no reason to not add the "audio" promise to programs using
audio. There are few situations where using the device directly makes
perfect sense.


Re: firefox, sndiod and pledge

Theo de Raadt-2
Alexandre Ratchov <[hidden email]> wrote:

> On Thu, May 30, 2019 at 09:07:45PM -0000, Stuart Henderson wrote:
> > On 2019-05-30, Hrvoje Popovski <[hidden email]> wrote:
> > > Hi all,
> > >
> > > i'm not sure is this intended or not, but if sndiod isn't running and if
> > > i want to open youtube video with firefox i got this log
> > > firefox[54192]: pledge "tty", syscall 54 and firefox crashes ....
> > > when sndiod is running everything seems fine ..
> >
> > Similar with chromium's main process and audio.
> >
> > Maybe it would be nice if libsndio had an option to say "I'm a pledged
> > program, error out instead of trying to talk to the device direct
> > and killing the process" ...
>
> I see no reason to not add the "audio" promise to programs using
> audio. There are few situations where using the device directly makes
> perfectly sense.

I see no reason not to give firefox's main process every pledge known
to man, and maybe invent a few more pledges to keep it happy.

Oh come on.  It is ridiculous.  These programs are not designed to run
with such restrictions.  They believe they can do anything.