Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld
authorGian-Carlo Pascutto <gcp@mozilla.com>
Tue, 25 Oct 2016 20:43:42 +0200
changeset 319828 15775247c226598e8b00a5229c4f2c20a35b2c3a
parent 319827 042d532e3d9e553c89062ba169940602558755ff
child 319829 045cb5724eaf1a34be2748e59ee2ebd353d24f4b
push id30880
push userphilringnalda@gmail.com
push dateFri, 28 Oct 2016 02:22:06 +0000
treeherdermozilla-central@944cb0fd0552 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjld
bugs1310116
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1310116 - Allow waitpid but warn on creating processes in content. r=jld MozReview-Commit-ID: JjNfA6wUe3T
security/sandbox/linux/SandboxFilter.cpp
xpcom/threads/nsProcessCommon.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -714,16 +714,19 @@ public:
     case __NR_clock_getres:
     CASES_FOR_getresuid:
     CASES_FOR_getresgid:
       return Allow();
 
     case __NR_umask:
     case __NR_kill:
     case __NR_wait4:
+#ifdef __NR_waitpid
+    case __NR_waitpid:
+#endif
 #ifdef __NR_arch_prctl
     case __NR_arch_prctl:
 #endif
       return Allow();
 
     case __NR_eventfd2:
     case __NR_inotify_init1:
     case __NR_inotify_add_watch:
--- a/xpcom/threads/nsProcessCommon.cpp
+++ b/xpcom/threads/nsProcessCommon.cpp
@@ -18,16 +18,17 @@
 #include "nsAutoPtr.h"
 #include "nsMemory.h"
 #include "nsProcess.h"
 #include "prio.h"
 #include "prenv.h"
 #include "nsCRT.h"
 #include "nsThreadUtils.h"
 #include "nsIObserverService.h"
+#include "nsXULAppAPI.h"
 #include "mozilla/Services.h"
 
 #include <stdlib.h>
 
 #if defined(PROCESSMODEL_WINAPI)
 #include "prmem.h"
 #include "nsString.h"
 #include "nsLiteralString.h"
@@ -425,16 +426,19 @@ nsProcess::CopyArgsAndRunProcessw(bool a
   free(my_argv);
   return rv;
 }
 
 nsresult
 nsProcess::RunProcess(bool aBlocking, char** aMyArgv, nsIObserver* aObserver,
                       bool aHoldWeak, bool aArgsUTF8)
 {
+  NS_WARNING_ASSERTION(!XRE_IsContentProcess(),
+                       "No launching of new processes in the content process");
+
   if (NS_WARN_IF(!mExecutable)) {
     return NS_ERROR_NOT_INITIALIZED;
   }
   if (NS_WARN_IF(mThread)) {
     return NS_ERROR_ALREADY_INITIALIZED;
   }
 
   if (aObserver) {