On Sat, May 12, 2018 at 08:07:17PM +0900, Bryan Linton wrote: > On 2018-05-11 14:00:57, Landry Breuil <[email protected]> wrote: > > CVSROOT: /cvs > > Module name: ports > > Changes by: [email protected] 2018/05/11 14:00:57 > > > > [...] > > > > Log message: > > Update to firefox 60. > > > > [...] > > > > If you encounter crashes due to pledge, look into your kernel log, and > > try to figure out what missing pledge is needed or what firefox codepath > > hits it. > > > > [...] > > > > So far i know 'getpw' might be needed when uploading files but i havent > > hit it, and 'proc' might be needed by the content process when there's > > no dbus daemon running, but they're not needed in the 'common case', and > > too broad. > > > > Hello, > > I've found that a simple "Right-click -> Save image as" or > "Right-click -> Save link as" causes Firefox to crash. > > firefox[77259]: pledge "getpw", syscall 33 > firefox[11365]: pledge "getpw", syscall 33 > firefox[11365]: pledge "stdio", syscall 29 > firefox[76277]: pledge "getpw", syscall 33 > firefox[10702]: pledge "getpw", syscall 33 > > I tried four separate times. All of them showed a "getpw" pledge > error. For some reason, one of the trials also caused it to emit > an "stdio" pledge error too. > > I see that stdio is already pledged, so I have no idea why or > where that error came from. > > FWIW, /usr/src/sys/kern/syscalls.master says that syscalls 29 and 33 are > the following: > > 29 STD { ssize_t sys_recvfrom(int s, void *buf, size_t len, \ > int flags, struct sockaddr *from, \ > socklen_t *fromlenaddr); } > > 33 STD { int sys_access(const char *path, int amode); } > > Adding the "getpw" pledge to "security.sandbox.pledge.content" > doesn't fix it. However adding it to "security.sandbox.pledge.main" > lets everything run just fine again.
Well, i can't reproduce it here, and i have no issue calling 'save link as' or 'save page as' dialogs without getpw pledge on main process. Though i havent tried *actually* saving the image/page. I'll need a bit more context.. can you look at the coredump with egdb from ports and try to get the backtrace for the pledge abort, so that we figure out if it's within firefox or the glib layers ? Are you running within a full desktop environment ? dbus is running ? Are you saving to a network device ? Using YP ?
