Mailinglist Archive: opensuse-security (51 mails)

< Previous Next >
Re: [opensuse-security] Firefox access demands
Hi,

Am 16.09.2014 um 07:44 schrieb Marcus Meissner:
On Mon, Sep 15, 2014 at 07:36:41PM +0200, pinguin74 wrote:
Hello,

I just see, Firefox wants to acces /proc/tty/drivers and asks for PTRACE
use.

Is it safe to grant this access? What are the risks connected to
accessing these things? Currently Firefox seem to work well without
granting these things...

I do not see why it would need it.

You can always disable it and see what happens? :)

ptrace is dangerous as it allows to control all other processes of
the same UID.

From a very quick scan of the Firefox sources I can find basically two
possibilities:
- builtin stack unwinding (in crashreporter/breakpad and ?libstagefright?
- sandbox (from FF 33 up)


Wolfgang
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups