Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld
authorGian-Carlo Pascutto <gcp@mozilla.com>
Tue, 25 Oct 2016 20:43:42 +0200
changeset 319829 15775247c226598e8b00a5229c4f2c20a35b2c3a
parent 319828 042d532e3d9e553c89062ba169940602558755ff
child 319830 045cb5724eaf1a34be2748e59ee2ebd353d24f4b
push id20748
push userphilringnalda@gmail.com
push dateFri, 28 Oct 2016 03:39:55 +0000
treeherderfx-team@715360440695 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjld
bugs1310116
milestone52.0a1
Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld MozReview-Commit-ID: JjNfA6wUe3T
security/sandbox/linux/SandboxFilter.cpp
xpcom/threads/nsProcessCommon.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -714,16 +714,19 @@ public:
     case __NR_clock_getres:
     CASES_FOR_getresuid:
     CASES_FOR_getresgid:
       return Allow();
 
     case __NR_umask:
     case __NR_kill:
     case __NR_wait4:
+#ifdef __NR_waitpid
+    case __NR_waitpid:
+#endif
 #ifdef __NR_arch_prctl
     case __NR_arch_prctl:
 #endif
       return Allow();
 
     case __NR_eventfd2:
     case __NR_inotify_init1:
     case __NR_inotify_add_watch:
--- a/xpcom/threads/nsProcessCommon.cpp
+++ b/xpcom/threads/nsProcessCommon.cpp
@@ -18,16 +18,17 @@
 #include "nsAutoPtr.h"
 #include "nsMemory.h"
 #include "nsProcess.h"
 #include "prio.h"
 #include "prenv.h"
 #include "nsCRT.h"
 #include "nsThreadUtils.h"
 #include "nsIObserverService.h"
+#include "nsXULAppAPI.h"
 #include "mozilla/Services.h"
 
 #include <stdlib.h>
 
 #if defined(PROCESSMODEL_WINAPI)
 #include "prmem.h"
 #include "nsString.h"
 #include "nsLiteralString.h"
@@ -425,16 +426,19 @@ nsProcess::CopyArgsAndRunProcessw(bool a
   free(my_argv);
   return rv;
 }
 
 nsresult
 nsProcess::RunProcess(bool aBlocking, char** aMyArgv, nsIObserver* aObserver,
                       bool aHoldWeak, bool aArgsUTF8)
 {
+  NS_WARNING_ASSERTION(!XRE_IsContentProcess(),
+                       "No launching of new processes in the content process");
+
   if (NS_WARN_IF(!mExecutable)) {
     return NS_ERROR_NOT_INITIALIZED;
   }
   if (NS_WARN_IF(mThread)) {
     return NS_ERROR_ALREADY_INITIALIZED;
   }
 
   if (aObserver) {