Bug 1299581 - Fail waitpid et al. with ECHILD in sandboxed content processes. r=gcp
authorJed Davis <jld@mozilla.com>
Thu, 07 Sep 2017 08:27:32 -0600
changeset 380764 2e6bfbf7e58e0f691bc03fdb5d1fad17f946ccf8
parent 380763 fc25613b26e0fb14544fecf803c7645d43407393
child 380765 40e071f08bf6a3c4f97f77f02fc83ba93dda06e6
push id32496
push userkwierso@gmail.com
push dateThu, 14 Sep 2017 06:17:49 +0000
treeherdermozilla-central@9517eea4a1a5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgcp
bugs1299581
milestone57.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1299581 - Fail waitpid et al. with ECHILD in sandboxed content processes. r=gcp MozReview-Commit-ID: 7Qjcnrd7KqK
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -788,20 +788,26 @@ public:
       // work with pointers, only integer types.
       Arg<uintptr_t> new_limit(2);
       return If(AllOf(pid == 0, new_limit == 0), Allow())
         .Else(InvalidSyscall());
     }
 
     case __NR_umask:
     case __NR_kill:
+      return Allow();
+
     case __NR_wait4:
 #ifdef __NR_waitpid
     case __NR_waitpid:
 #endif
+      // NSPR will start a thread to wait for child processes even if
+      // fork() fails; see bug 227246 and bug 1299581.
+      return Error(ECHILD);
+
 #ifdef __NR_arch_prctl
     case __NR_arch_prctl:
 #endif
       return Allow();
 
     case __NR_eventfd2:
     case __NR_inotify_init:
     case __NR_inotify_init1: