On Fri, Oct 04, 2019 at 11:14:18AM +0200, Solene Rapenne wrote:
> On Fri, Oct 04, 2019 at 10:00:18AM +0100, Stuart Henderson wrote:
> > On 2019/10/04 09:13, Solene Rapenne wrote:
> > > On Wed, Oct 02, 2019 at 10:54:36AM +0200, Solene Rapenne wrote:
> > > > On Wed, Sep 25, 2019 at 11:25:59AM -0500,
On Fri, Oct 04, 2019 at 10:00:18AM +0100, Stuart Henderson wrote:
> On 2019/10/04 09:13, Solene Rapenne wrote:
> > On Wed, Oct 02, 2019 at 10:54:36AM +0200, Solene Rapenne wrote:
> > > On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> > > > This patchset goes back to files in
On 2019/10/04 10:00, Stuart Henderson wrote:
> I wonder if a process without network pledge could be trying to fetch a
> missing intermediary cert from the address in the "CA Issuers" field in
> the cert. Might get some more information if you show the connection
> and cert from "openssl s_client
On 2019/10/04 09:13, Solene Rapenne wrote:
> On Wed, Oct 02, 2019 at 10:54:36AM +0200, Solene Rapenne wrote:
> > On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> > > This patchset goes back to files in /etc/firefox for unveil file
> > > lists, and goes further and moves the pledge
On Wed, Oct 02, 2019 at 10:54:36AM +0200, Solene Rapenne wrote:
> On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> > This patchset goes back to files in /etc/firefox for unveil file
> > lists, and goes further and moves the pledge strings to separate
> > files too. This should be
On Thu, Oct 03, 2019 at 07:59:33PM -0500, joshua stein wrote:
> On Fri, 04 Oct 2019 at 01:05:12 +0200, Solene Rapenne wrote:
> > I found this line just before writing a gigantic core file
> >
> > 52304 firefox CALL ioctl(124,VIDIOC_QUERYCAP,0x1d9a1d7ac158)
> >
> > I'm not sure what I need to
joshua stein wrote:
> On Fri, 04 Oct 2019 at 01:05:12 +0200, Solene Rapenne wrote:
> > I found this line just before writing a gigantic core file
> >
> > 52304 firefox CALL ioctl(124,VIDIOC_QUERYCAP,0x1d9a1d7ac158)
> >
> > I'm not sure what I need to search for the fd, I found these lines
>
joshua stein wrote:
> On Fri, 04 Oct 2019 at 01:05:12 +0200, Solene Rapenne wrote:
> > I found this line just before writing a gigantic core file
> >
> > 52304 firefox CALL ioctl(124,VIDIOC_QUERYCAP,0x1d9a1d7ac158)
> >
> > I'm not sure what I need to search for the fd, I found these lines
>
On Fri, 04 Oct 2019 at 01:05:12 +0200, Solene Rapenne wrote:
> I found this line just before writing a gigantic core file
>
> 52304 firefox CALL ioctl(124,VIDIOC_QUERYCAP,0x1d9a1d7ac158)
>
> I'm not sure what I need to search for the fd, I found these lines
> related to "124".
>
> 52304
Solene Rapenne wrote:
> I found this line just before writing a gigantic core file
>
> 52304 firefox CALL ioctl(124,VIDIOC_QUERYCAP,0x1d9a1d7ac158)
>
> I'm not sure what I need to search for the fd, I found these lines
> related to "124".
>
> 52304 firefox NAMI "/dev/video0"
> 52304
On Thu, Oct 03, 2019 at 04:25:23PM -0600, Theo de Raadt wrote:
> Solene Rapenne wrote:
>
> > On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> > > This patchset goes back to files in /etc/firefox for unveil file
> > > lists, and goes further and moves the pledge strings to
Solene Rapenne wrote:
> On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> > This patchset goes back to files in /etc/firefox for unveil file
> > lists, and goes further and moves the pledge strings to separate
> > files too. This should be the most secure version that is still
On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> This patchset goes back to files in /etc/firefox for unveil file
> lists, and goes further and moves the pledge strings to separate
> files too. This should be the most secure version that is still
> tweakable at runtime.
>
> I
On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> This patchset goes back to files in /etc/firefox for unveil file
> lists, and goes further and moves the pledge strings to separate
> files too. This should be the most secure version that is still
> tweakable at runtime.
>
> I
On Fri, 27 Sep 2019 at 15:40:55 +0200, Solene Rapenne wrote:
> On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> > This patchset goes back to files in /etc/firefox for unveil file
> > lists, and goes further and moves the pledge strings to separate
> > files too. This should be
On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> This patchset goes back to files in /etc/firefox for unveil file
> lists, and goes further and moves the pledge strings to separate
> files too. This should be the most secure version that is still
> tweakable at runtime.
>
> I
joshua stein wrote:
Thanks for moving back to a secure approach.
> I tried the $TMPDIR shenanigans with the main process mkdtemp'ing
> somewhere in $TMPDIR (or /tmp), and then exporting TMPDIR as that
> directory so that everything else within Firefox uses that
> subdirectory as its temp
This patchset goes back to files in /etc/firefox for unveil file
lists, and goes further and moves the pledge strings to separate
files too. This should be the most secure version that is still
tweakable at runtime.
I switched away from using Firefox's NS_LOCAL_FILE_CONTRACTID/
18 matches
Mail list logo