Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
authorJed Davis <jld@mozilla.com>
Thu, 16 Oct 2014 12:42:00 +0200
changeset 211000 11f1649bd31a1696dcf5fb27c0ca6badb0e446dd
parent 210999 c58d8895c9ed1c8fdabece57e428611778265373
child 211001 4f9432db3e7794c33ac64c8527699427380900ad
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewerskang
bugs1080165
milestone36.0a1
Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -376,16 +376,19 @@ void SandboxFilterImplGMP::Build() {
 
 #if SYSCALL_EXISTS(set_robust_list)
   Allow(SYSCALL(set_robust_list));
 #endif
 
   // NSPR can call this when creating a thread, but it will accept a
   // polite "no".
   Deny(EACCES, SYSCALL(getpriority));
+  // But if thread creation races with sandbox startup, that call
+  // could succeed, and then we get one of these:
+  Deny(EACCES, SYSCALL(setpriority));
 
   // Stack bounds are obtained via pthread_getattr_np, which calls
   // this but doesn't actually need it:
   Deny(ENOSYS, SYSCALL(sched_getaffinity));
 
 #ifdef MOZ_ASAN
   Allow(SYSCALL(sigaltstack));
 #endif