Mercurial > mozreview > gecko / changeset / 11f1649bd31a1696dcf5fb27c0ca6badb0e446dd
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
authorJed Davis <jld@mozilla.com>
Thu, 16 Oct 2014 12:42:00 +0200
changeset 211000 11f1649bd31a1696dcf5fb27c0ca6badb0e446dd
parent 210999 c58d8895c9ed1c8fdabece57e428611778265373
child 211001 4f9432db3e7794c33ac64c8527699427380900ad
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewerskang
bugs1080165
milestone36.0a1
Bug 1080165 - Allow setpriority() to fail without crashing in media plugins on Linux. r=kang
security/sandbox/linux/SandboxFilter.cpp file | annotate | diff | comparison | revisions 
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -376,16 +376,19 @@ void SandboxFilterImplGMP::Build() {
 
 #if SYSCALL_EXISTS(set_robust_list)
   Allow(SYSCALL(set_robust_list));
 #endif
 
   // NSPR can call this when creating a thread, but it will accept a
   // polite "no".
   Deny(EACCES, SYSCALL(getpriority));
+  // But if thread creation races with sandbox startup, that call
+  // could succeed, and then we get one of these:
+  Deny(EACCES, SYSCALL(setpriority));
 
   // Stack bounds are obtained via pthread_getattr_np, which calls
   // this but doesn't actually need it:
   Deny(ENOSYS, SYSCALL(sched_getaffinity));
 
 #ifdef MOZ_ASAN
   Allow(SYSCALL(sigaltstack));
 #endif
gecko
Deployed from 3d2029ff5e1b at 2022-09-06T15:28:56Z.