Mailinglist Archive: opensuse-security (51 mails)

< Previous Next >
Re: [opensuse-security] Firefox access demands
Am 16.09.2014 um 07:56 schrieb Wolfgang Rosenauer:
Hi,

Am 16.09.2014 um 07:44 schrieb Marcus Meissner:
On Mon, Sep 15, 2014 at 07:36:41PM +0200, pinguin74 wrote:
Hello,

I just see, Firefox wants to acces /proc/tty/drivers and asks for PTRACE
use.

Is it safe to grant this access? What are the risks connected to
accessing these things? Currently Firefox seem to work well without
granting these things...

I do not see why it would need it.

You can always disable it and see what happens? :)

ptrace is dangerous as it allows to control all other processes of
the same UID.

From a very quick scan of the Firefox sources I can find basically two
possibilities:
- builtin stack unwinding (in crashreporter/breakpad and ?libstagefright?
- sandbox (from FF 33 up)

This is obviously only the Mozilla code. The access could be done from an
external lib as well I guess.


Wolfgang

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >