Re: firefox, sndiod and pledge
Alexandre Ratchov wrote:

> On Thu, May 30, 2019 at 09:07:45PM -, Stuart Henderson wrote:
> > On 2019-05-30, Hrvoje Popovski wrote:
> > > Hi all,
> > >
> > > i'm not sure if this is intended or not, but if sndiod isn't running and if
> > > i want to open youtube video with firefox i got this log
> > > firefox[54192]: pledge "tty", syscall 54 and firefox crashes
> > > when sndiod is running everything seems fine ..
> >
> > Similar with chromium's main process and audio.
> >
> > Maybe it would be nice if libsndio had an option to say "I'm a pledged
> > program, error out instead of trying to talk to the device direct
> > and killing the process" ...
>
> I see no reason to not add the "audio" promise to programs using
> audio. There are few situations where using the device directly makes
> perfect sense.

I see no reason not to give firefox's main process every pledge known to man, and maybe invent a few more pledges to keep it happy.

Oh come on. It is ridiculous. These programs are not designed to run with such restrictions. They believe they can do anything.

Re: firefox, sndiod and pledge
On Thu, May 30, 2019 at 09:07:45PM -, Stuart Henderson wrote:
> On 2019-05-30, Hrvoje Popovski wrote:
> > Hi all,
> >
> > i'm not sure if this is intended or not, but if sndiod isn't running and if
> > i want to open youtube video with firefox i got this log
> > firefox[54192]: pledge "tty", syscall 54 and firefox crashes
> > when sndiod is running everything seems fine ..
>
> Similar with chromium's main process and audio.
>
> Maybe it would be nice if libsndio had an option to say "I'm a pledged
> program, error out instead of trying to talk to the device direct
> and killing the process" ...

I see no reason to not add the "audio" promise to programs using audio. There are few situations where using the device directly makes perfect sense.

Re: firefox, sndiod and pledge
On 2019-05-30, Hrvoje Popovski wrote:
> Hi all,
>
> i'm not sure if this is intended or not, but if sndiod isn't running and if
> i want to open youtube video with firefox i got this log
> firefox[54192]: pledge "tty", syscall 54 and firefox crashes
> when sndiod is running everything seems fine ..

Similar with chromium's main process and audio.

Maybe it would be nice if libsndio had an option to say "I'm a pledged program, error out instead of trying to talk to the device direct and killing the process" ...

But then again, in both cases (chromium/firefox) the main process already has a "kitchen-sink" pledge.

Re: firefox, sndiod and pledge
firefox privilege separation is very rough. The code was written as an afterthought, and it clearly has many cases where processes perform operations directly.

I expect the response will be to add pledge "audio" to permit those ioctls, and in time the firefox processes will have essentially all pledges. It is a tremendously long line. The addition of each pledge admits the program isn't a privsep design, and the advertised isolation isn't that great.

Reports of these pledge failures could be used by upstream to improve the separation -- moving the operations to better processes. But I doubt that will happen. Adding privsep to programs after the fact is very difficult.

> i'm not sure if this is intended or not, but if sndiod isn't running and if
> i want to open youtube video with firefox i got this log
> firefox[54192]: pledge "tty", syscall 54 and firefox crashes
> when sndiod is running everything seems fine ..
>
>
> from kdump
> 70068 firefox CALL ioctl(56,AUDIO_STOP,0x1)
> 70068 firefox PLDG ioctl, "tty", errno 1 Operation not permitted
>
>
> from gdb
> (gdb) bt
> #0 ioctl () at -:3
> #1 0x1ad9e350858e in sio_sun_fdopen (fd=31, mode=1, nbio=1) at /usr/src/lib/libsndio/sio_sun.c:326
> #2 0x1ad9e3508626 in _sio_sun_open (str=Variable "str" is not available.
> ) at /usr/src/lib/libsndio/sio_sun.c:345
> #3 0x1ada4916e16b in WebPGetColorPalette () from /usr/local/lib/firefox/libxul.so.84.0
> #4 0x1ada4916d47d in WebPGetColorPalette () from /usr/local/lib/firefox/libxul.so.84.0
> #5 0x1ada47f0f415 in std::__1::__murmur2_or_cityhash 64ul>::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
> #6 0x1ada47f0f2d2 in std::__1::__murmur2_or_cityhash 64ul>::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
> #7 0x1ada480bdb0c in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
> #8 0x1ada480bca8a in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
> #9 0x1ada480bf915 in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
> #10 0x1ada480c60e9 in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
> #11 0x1ada47f63ada in std::__1::__split_buffer std::__1::allocator&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
> #12 0x1ada47f5dc46 in std::__1::__split_buffer std::__1::allocator&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
> #13 0x1ada47f5da7b in std::__1::__split_buffer std::__1::allocator&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
> #14 0x1ada47f9047d in std::__1::__split_buffer std::__1::allocator&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
> #15 0x1ada461232f8 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
> #16 0x1ada46120f51 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
> #17 0x1ada46134a3e in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
> #18 0x1ada46134b9b in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
> #19 0x1ada46130c32 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
> #20 0x1ada46133271 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
> #21 0x1ada4655eb47 in std::__1::vector >::__append () from /usr/local/lib/firefox/libxul.so.84.0
> #22 0x1ada464dc85f in std::__1::vector std::__1::char_traits, std::__1::allocator >, std::__1::allocator std::__1::char_traits, std::__1::allocator > > >::insert std::__1::char_traits, std::__1::allocator >*> > () from /usr/local/lib/firefox/libxul.so.84.0
> #23 0x1ada4612e92d in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
> #24 0x1adaa590c0a9 in _pt_root (arg=0x1adab98c4100) at ptthread.c:201
> #25 0x1adac18e2771 in _rthread_start (v=Variable "v" is not available.
> ) at /usr/src/lib/librthread/rthread.c:96
> #26 0x1ada973897c8 in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
> #27 0x in ?? ()
> Current language: auto; currently asm
>

Re: firefox, sndiod and pledge
On 30.5.2019. 10:48, Solene Rapenne wrote:
> On Thu, May 30, 2019 at 10:41:39AM +0200, Hrvoje Popovski wrote:
>> Hi all,
>>
>> i'm not sure if this is intended or not, but if sndiod isn't running and if
>> i want to open youtube video with firefox i got this log
>> firefox[54192]: pledge "tty", syscall 54 and firefox crashes
>> when sndiod is running everything seems fine ..
>>
>>
>
> which firefox package and version on which openbsd version?

i have installed gnome and desktop stuff a few days ago just to see how it works :) i'm not much of an openbsd desktop user

firefox-67.0        Mozilla web browser

OpenBSD 6.5-current (GENERIC.MP) #51: Wed May 29 19:46:38 MDT 2019
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8456089600 (8064MB)
avail mem = 8189689856 (7810MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe87b1 (86 entries)
bios0: vendor Hewlett-Packard version "J01 v02.29" date 04/04/2016
bios0: Hewlett-Packard HP Compaq 8200 Elite CMT PC
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT MCFG HPET SSDT SLIC TCPA
acpi0: wakeup devices PS2K(S3) PS2M(S3) BR20(S4) EUSB(S3) USBE(S3) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) PEX6(S4) PEX7(S4) P0P1(S4) P0P2(S4) P0P3(S4) [...]

Re: firefox, sndiod and pledge
On Thu, May 30, 2019 at 10:41:39AM +0200, Hrvoje Popovski wrote:
> Hi all,
>
> i'm not sure if this is intended or not, but if sndiod isn't running and if
> i want to open youtube video with firefox i got this log
> firefox[54192]: pledge "tty", syscall 54 and firefox crashes
> when sndiod is running everything seems fine ..
>
>

which firefox package and version on which openbsd version?

firefox, sndiod and pledge
Hi all,

i'm not sure if this is intended or not, but if sndiod isn't running and if
i want to open youtube video with firefox i got this log
firefox[54192]: pledge "tty", syscall 54 and firefox crashes
when sndiod is running everything seems fine ..


from kdump
70068 firefox CALL ioctl(56,AUDIO_STOP,0x1)
70068 firefox PLDG ioctl, "tty", errno 1 Operation not permitted


from gdb
(gdb) bt
#0 ioctl () at -:3
#1 0x1ad9e350858e in sio_sun_fdopen (fd=31, mode=1, nbio=1) at /usr/src/lib/libsndio/sio_sun.c:326
#2 0x1ad9e3508626 in _sio_sun_open (str=Variable "str" is not available.
) at /usr/src/lib/libsndio/sio_sun.c:345
#3 0x1ada4916e16b in WebPGetColorPalette () from /usr/local/lib/firefox/libxul.so.84.0
#4 0x1ada4916d47d in WebPGetColorPalette () from /usr/local/lib/firefox/libxul.so.84.0
#5 0x1ada47f0f415 in std::__1::__murmur2_or_cityhash::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
#6 0x1ada47f0f2d2 in std::__1::__murmur2_or_cityhash::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
#7 0x1ada480bdb0c in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
#8 0x1ada480bca8a in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
#9 0x1ada480bf915 in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
#10 0x1ada480c60e9 in cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from /usr/local/lib/firefox/libxul.so.84.0
#11 0x1ada47f63ada in std::__1::__split_buffer&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
#12 0x1ada47f5dc46 in std::__1::__split_buffer&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
#13 0x1ada47f5da7b in std::__1::__split_buffer&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
#14 0x1ada47f9047d in std::__1::__split_buffer&>::push_front () from /usr/local/lib/firefox/libxul.so.84.0
#15 0x1ada461232f8 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
#16 0x1ada46120f51 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
#17 0x1ada46134a3e in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
#18 0x1ada46134b9b in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
#19 0x1ada46130c32 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
#20 0x1ada46133271 in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
#21 0x1ada4655eb47 in std::__1::vector >::__append () from /usr/local/lib/firefox/libxul.so.84.0
#22 0x1ada464dc85f in std::__1::vector, std::__1::allocator >, std::__1::allocator, std::__1::allocator > > >::insert, std::__1::allocator >*> > () from /usr/local/lib/firefox/libxul.so.84.0
#23 0x1ada4612e92d in std::__1::function::swap () from /usr/local/lib/firefox/libxul.so.84.0
#24 0x1adaa590c0a9 in _pt_root (arg=0x1adab98c4100) at ptthread.c:201
#25 0x1adac18e2771 in _rthread_start (v=Variable "v" is not available.
) at /usr/src/lib/librthread/rthread.c:96
#26 0x1ada973897c8 in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
#27 0x in ?? ()
Current language: auto; currently asm
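
Added example, not part of any message in this thread: a small Python triage script that pairs each kdump PLDG record with the CALL that triggered it, which is the kind of pledge-failure report the replies say upstream could use. The function name, the dict layout and the two middle sample lines are constructed for illustration; the first and last sample lines are the ones quoted in the report.

```python
import re

# kdump(1) line: "<pid> <process> <TYPE> <payload>"
RECORD = re.compile(r'^\s*(\d+)\s+(\S+)\s+(CALL|RET|PLDG)\s+(.*)$')
# PLDG payload as shown in the thread: ioctl, "tty", errno 1 Operation not permitted
PLDG = re.compile(r'^(\w+),\s*"([^"]*)",\s*errno\s+(\d+)')

# First and last lines are the two quoted in the thread; the middle two are constructed.
SAMPLE = """\
 70068 firefox  CALL  ioctl(56,AUDIO_STOP,0x1)
 41234 firefox  CALL  read(12,0x7f7ffffd1000,0x1000)
 41234 firefox  RET   read 64/0x40
 70068 firefox  PLDG  ioctl, "tty", errno 1 Operation not permitted
"""

def pledge_violations(kdump_text):
    """Return one dict per PLDG record, paired with the offending CALL."""
    last_call = {}  # pid -> most recent CALL payload for that pid
    findings = []
    for line in kdump_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue
        pid, proc, rtype, payload = rec.groups()
        if rtype == "CALL":
            last_call[pid] = payload
        elif rtype == "PLDG":
            m = PLDG.match(payload)
            if not m:
                continue
            syscall, promise, errno = m.groups()
            call = last_call.get(pid)
            # Only trust the pairing when the syscall names agree.
            if call is None or call.split("(", 1)[0] != syscall:
                call = None
            findings.append({"pid": int(pid), "process": proc, "syscall": syscall,
                             "call": call, "promise": promise, "errno": int(errno)})
    return findings

if __name__ == "__main__":
    for f in pledge_violations(SAMPLE):
        print(f'{f["process"]}[{f["pid"]}]: {f["call"] or f["syscall"]} '
              f'denied, kernel names promise "{f["promise"]}" (errno {f["errno"]})')
```

Tracking the last CALL per pid keeps interleaved records from other processes from being blamed for the violation.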