[Bug 2304189] Review Request: mozilla-openh264 - H.264 codec support for Firefox

https://bugzilla.redhat.com/show_bug.cgi?id=2304189

Hector Martin <marcan@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(marcan@xxxxxxxxx) |



--- Comment #30 from Hector Martin <marcan@xxxxxxxxx> ---
Why can't we just patch firefox to add the openh264 lib to the sandbox?

https://searchfox.org/mozilla-central/source/security/sandbox/linux/Sandbox.cpp#730

The file list is right there. This seems like a reasonable use case. This isn't
the first time we had to get browser sandboxes modified to fix stuff (e.g. we
had it with Mesa driver stuff in Chrome IIRC).

More generally: This is arguably a bug in Firefox. The plugin .so links to
libopenh264 using standard dynamic linking (it doesn't try to dlopen() it at
runtime or anything). That means Firefox has the capacity to inspect the plugin
file before loading it and add its required libraries to the allowed files
list. In fact it requires other libs:

# ldd module/libgmp-openh264.so
        linux-vdso.so.1 (0x0000ffffbb150000)
        libopenh264.so.7 => /lib64/libopenh264.so.7 (0x0000ffffbb070000)
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x0000ffffbae00000)
        libm.so.6 => /lib64/libm.so.6 (0x0000ffffbad50000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000ffffbacf0000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffbab10000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffbb108000)

I suspect the only reason this worked at all until now is because Firefox
already loads all of those other libraries (libstdc++.so.6, libm, etc.) so the
dynamic linker doesn't have to open the files again when loading the plugin.

Re FAR, I think we just need to make sure all of our extrafiles are installed
in one dnf invocation. As long as openh264 and mozilla-openh264 are both
extrafiles and installed together, I don't think dnf will complain.


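The check the comment describes, listing a plugin's dynamically linked libraries and finding the ones the sandboxed process would have to open from disk, can be sketched as follows. This is an added Python example, not part of the original message and not Firefox code; it parses the ldd output quoted in the comment, and the `ALREADY_LOADED` set and the function names are assumptions made for the illustration.

```python
import os
import re

# ldd output copied from the comment above.
LDD_OUTPUT = """\
        linux-vdso.so.1 (0x0000ffffbb150000)
        libopenh264.so.7 => /lib64/libopenh264.so.7 (0x0000ffffbb070000)
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x0000ffffbae00000)
        libm.so.6 => /lib64/libm.so.6 (0x0000ffffbad50000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000ffffbacf0000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffbab10000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffbb108000)
"""

# Constructed sample (assumption): sonames the host process mapped before
# the sandbox was applied, e.g. as collected from /proc/<pid>/maps.
ALREADY_LOADED = {"libstdc++.so.6", "libm.so.6", "libgcc_s.so.1",
                  "libc.so.6", "ld-linux-aarch64.so.1"}

def parse_ldd(text):
    """Return [(soname, path_or_None)] for every line of ldd output."""
    deps = []
    for raw in text.splitlines():
        # Drop the trailing load address, e.g. "(0x0000ffffbb070000)".
        line = re.sub(r"\s*\(0x[0-9a-fA-F]+\)\s*$", "", raw).strip()
        if not line:
            continue
        if "=>" in line:
            soname, target = (part.strip() for part in line.split("=>", 1))
            if target == "not found":
                raise LookupError(f"unresolved dependency: {soname}")
            # An empty target means no backing file (older vDSO format).
            deps.append((soname, target or None))
        elif line.startswith("/"):
            # Absolute path with no "=>": the ELF interpreter.
            deps.append((os.path.basename(line), line))
        else:
            # Bare name (linux-vdso.so.1): mapped by the kernel, no file.
            deps.append((line, None))
    return deps

def paths_needing_open(deps, loaded_sonames):
    """File paths the loader would have to open for the first time."""
    return [path for soname, path in deps
            if path is not None and soname not in loaded_sonames]

if __name__ == "__main__":
    for path in paths_needing_open(parse_ldd(LDD_OUTPUT), ALREADY_LOADED):
        print("not yet mapped, needs sandbox read access:", path)
```

ldd may execute code from the file it inspects, so for a plugin that is not already trusted the same dependency list should be read statically, for example from the NEEDED entries printed by `objdump -p`.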