Bug 920372 - Allow tgkill only for threads of the calling process itself. r=kang
author Jed Davis <jld@mozilla.com>
Tue, 20 May 2014 18:38:06 -0700
changeset 184043 2adbb2797d8b4add9ad4db27090d7f6b26d6a3ee
parent 184042 b56d5602d0cdcc7f06a82538e52fde16aa0d84a3
child 184044 179363be564197fc8907d08823bd06609257ece4
push id 26810
push user cbook@mozilla.com
push date Wed, 21 May 2014 11:46:36 +0000
treeherder mozilla-central@50fb8c4db2fd
reviewers kang
bugs 920372
milestone 32.0a1
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -204,17 +204,17 @@ SandboxFilterImpl::Build() {
   // sigprocmask is a compatibility shim that assumes the pre-RT size.
 #if SYSCALL_EXISTS(sigprocmask)
   Allow(SYSCALL(sigprocmask));
 #endif
   Allow(SYSCALL(rt_sigprocmask));
 
   // Used by profiler.  Also used for raise(), which causes problems
   // with Android KitKat abort(); see bug 1004832.
-  Allow(SYSCALL(tgkill));
+  Allow(SYSCALL_WITH_ARG(tgkill, 0, getpid()));
 
   /* B2G specific low-frequency syscalls */
 #ifdef MOZ_WIDGET_GONK
 #if !SYSCALL_EXISTS(socketcall)
   Allow(SYSCALL(sendto));
   Allow(SYSCALL(recvfrom));
 #endif
   Allow(SYSCALL_LARGEFILE(getdents, getdents64));
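Review bot: getpid() in the new Allow(SYSCALL_WITH_ARG(tgkill, 0, getpid())) line is evaluated once, when SandboxFilterImpl::Build() runs, so the value compared against argument 0 is the pid of whichever process builds the filter. That is only correct if Build() always runs in the process that installs the filter and nothing forks in between: seccomp filters are inherited across fork, and a child's raise() would pass its own pid as the tgid and no longer match this rule. Please state that assumption in the comment above the line. That comment also still describes only why tgkill is needed; it should say that argument 0 is the tgid and that the call is now allowed solely for the caller's own thread group, so a later reader does not relax it back to Allow(SYSCALL(tgkill)).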