[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-security
Subject:    Re: [opensuse-security] Firefox access demands
From:       Wolfgang Rosenauer <wolfgang () rosenauer ! org>
Date:       2014-09-16 5:57:50
Message-ID: 5417D15E.1030702 () rosenauer ! org
[Download RAW message or body]

Am 16.09.2014 um 07:56 schrieb Wolfgang Rosenauer:
> Hi,
> 
> Am 16.09.2014 um 07:44 schrieb Marcus Meissner:
>> On Mon, Sep 15, 2014 at 07:36:41PM +0200, pinguin74 wrote:
>>> Hello,
>>>
>>> I just see, Firefox wants to acces /proc/tty/drivers and asks for PTRACE
>>> use.
>>>
>>> Is it safe to grant this access? What are the risks connected to
>>> accessing these things? Currently Firefox seem to work well without
>>> granting these things...
>>
>> I do not see why it would need it.
>>
>> You can always disable it and see what happens? :)
>>
>> ptrace is dangerous as it allows to control all other processes of
>> the same UID.
> 
> From a very quick scan of the Firefox sources I can find basically two
> possibilities:
> - builtin stack unwinding (in crashreporter/breakpad and ?libstagefright?
> - sandbox (from FF 33 up)

This is obviously only the Mozilla code. The access could be done from an
external lib as well I guess.


Wolfgang

-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]