Bug 1320834 - Reduce prctl policy for desktop content processes. r=gcp
authorJed Davis <jld@mozilla.com>
Wed, 12 Apr 2017 18:41:20 -0600
changeset 386472 c006ddf45ea82e700275ebdd848eae34d3f67d85
parent 386471 a55ef97febd996e5c602b0c7b89e17d8fefee056
child 386473 fab13cda2355312461539ff089bedc32fb2cbdaf
push id32694
push userarchaeopteryx@coole-files.de
push dateTue, 17 Oct 2017 09:43:13 +0000
reviewersgcp
bugs1320834
milestone58.0a1
Bug 1320834 - Reduce prctl policy for desktop content processes. r=gcp This removes the allow-all override in the content policy, which means it will fall back to the more restrictive prctl policy in SandboxPolicyCommon. MozReview-Commit-ID: CncoGi0HLxR
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -528,21 +528,16 @@ private:
   }
 
 public:
   explicit ContentSandboxPolicy(SandboxBrokerClient* aBroker,
                                 const std::vector<int>& aSyscallWhitelist)
     : mBroker(aBroker),
       mSyscallWhitelist(aSyscallWhitelist) {}
   ~ContentSandboxPolicy() override = default;
-  ResultExpr PrctlPolicy() const override {
-    // Ideally this should be restricted to a whitelist, but content
-    // uses enough things that it's not trivial to determine it.
-    return Allow();
-  }
   Maybe<ResultExpr> EvaluateSocketCall(int aCall) const override {
     switch(aCall) {
     case SYS_RECVFROM:
     case SYS_SENDTO:
     case SYS_SENDMMSG: // libresolv via libasyncns; see bug 1355274
       return Some(Allow());
 
     case SYS_SOCKETPAIR: {
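Review bot: With the PrctlPolicy override removed, nothing left in ContentSandboxPolicy records that prctl() is now governed by the base policy, and the rationale comment that explained the old allow-all disappears with it; a one-line comment where the override used to be, after the destructor, `// prctl() is handled by SandboxPolicyCommon::PrctlPolicy; do not reintroduce an allow-all override here.`, would keep a later reader from re-adding it. The same applies to the `__NR_arch_prctl` case dropped in the second hunk, which now takes whatever path the base policy provides for that syscall; that path is not shown in this diff, so a short comment naming where it is handled would help anyone auditing the content policy. The ContentSandboxPolicy class begins before and ends after this hunk.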
@@ -840,21 +835,16 @@ public:
     case __NR_wait4:
 #ifdef __NR_waitpid
     case __NR_waitpid:
 #endif
       // NSPR will start a thread to wait for child processes even if
       // fork() fails; see bug 227246 and bug 1299581.
       return Error(ECHILD);
 
-#ifdef __NR_arch_prctl
-    case __NR_arch_prctl:
-#endif
-      return Allow();
-
     case __NR_eventfd2:
     case __NR_inotify_init:
     case __NR_inotify_init1:
     case __NR_inotify_add_watch:
     case __NR_inotify_rm_watch:
       return Allow();
 
 #ifdef __NR_memfd_create