chromium 14 broken with libnss3-1d from sid
Vincent Bernat
bernat at debian.org
Sat Nov 19 12:46:35 UTC 2011
OoO In the middle of the starry night of Wednesday, November 16, 2011, around
03:19, Jonathan Nieder <jrnieder at gmail.com> said:
>> All I know is that changing the source to say
>>
>>     if (nodb_init) {
>>         std::cerr << "about to call NSS_NoDB_Init(NULL)\n";
>>         status = NSS_NoDB_Init(NULL);
>>         std::cerr << "finished NSS_NoDB_Init(NULL)\n";
>>
>> causes the "about to call" line to be printed, but the "finished" line
>> not to.
> Weird. It ends in here (mozilla/security/nss/lib/freebl/drbg.c):
> | static PRStatus rng_init(void)
> | {
> |     PRUint8 bytes[PRNG_SEEDLEN*2]; /* entropy + nonce */
> |     unsigned int numBytes;
> |     fprintf(stderr, "not printed\n"); <--- not reached
> [...]
> | SECStatus
> | RNG_RNGInit(void)
> | {
> |     /* Allow only one call to initialize the context */
> |     fprintf(stderr, "about to call rng_init()\n"); <--- reached
> |     PR_CallOnce(&coRNGInit, rng_init);
> |     fprintf(stderr, "not printed\n"); <--- not reached
> Call chain:
> ... -> NSC_Initialize() -> nsc_CommonInitialize() ->
> loader.c::RNGInit() -> drbg.c::RNG_RNGInit()
I have tried to help too but I don't have enough resources to compile
Chromium. I was thinking of modifying the setuid helper to neither chroot
nor change its namespace. If the bug is still present in this configuration,
this would allow getting an appropriate core dump.

In sandbox.c, I would suppress the chdir(), chroot() and chdir() calls in
SpawnChrootHelper(). I would also replace MoveToNewNamespaces() with
"return true;". Running with no limit for core dumps would allow getting
a core file. Maybe this will give additional hints.
--
Vincent Bernat ☯ http://vincent.bernat.im
#define BB_STAT2_TMP_INTR 0x10 /* My Penguins are burning.
Are you able to smell it? */
2.2.16 /usr/src/linux/include/asm-sparc/obio.h
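
Added example, not part of the original message or of Chromium's code: a small C check that a debug build could call before the crashing code to report the conditions that would leave no core file. These are a zero core size limit, a cleared dumpable flag (which the Linux kernel applies to set-user-ID programs), and an unwritable working directory as after a chroot. The function names and flag constants are hypothetical, and it assumes Linux with the default core_pattern that writes the core file into the current directory.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Hypothetical flags: reasons a crash here would leave no core file. */
#define CORE_BLOCK_LIMIT  0x1  /* RLIMIT_CORE soft limit is 0 */
#define CORE_BLOCK_NODUMP 0x2  /* dumpable flag cleared (set-uid helper) */
#define CORE_BLOCK_CWD    0x4  /* cwd not writable (e.g. after chroot) */

/* Pure decision logic, kept separate from the syscalls. */
int core_blockers_from(rlim_t soft_limit, int dumpable, int cwd_writable)
{
    return (soft_limit == 0 ? CORE_BLOCK_LIMIT : 0)
         | (dumpable ? 0 : CORE_BLOCK_NODUMP)
         | (cwd_writable ? 0 : CORE_BLOCK_CWD);
}

/* Raise the soft core limit as far as the hard limit allows; 0 on success. */
int raise_core_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Inspect the running process; access() checks with the real UID. */
int core_dump_blockers(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        rl.rlim_cur = 0;  /* treat a failed query as "no core" */
    return core_blockers_from(rl.rlim_cur,
                              prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1,
                              access(".", W_OK) == 0);
}

int main(void)
{
    if (raise_core_limit() != 0)
        perror("setrlimit(RLIMIT_CORE)");
    int f = core_dump_blockers();
    fprintf(stderr, "core blockers: limit=%d dumpable-off=%d cwd-unwritable=%d\n",
            !!(f & CORE_BLOCK_LIMIT), !!(f & CORE_BLOCK_NODUMP), !!(f & CORE_BLOCK_CWD));
    return f != 0;
}
```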