Bug 1310116 - Allow waitpid but warn on creating processes in content. r?jld draft
authorGian-Carlo Pascutto <gcp@mozilla.com>
Tue, 25 Oct 2016 20:43:42 +0200
changeset 429325 ad565d238e7554a951d2f6b4e076918bdfd7a450
parent 429280 dcceab0eaadb759a005908c35f7047ed40952c90
child 534954 2d06e28c43d84c2c15d27f42074dd5c3f196400e
push id33547
push usergpascutto@mozilla.com
push dateTue, 25 Oct 2016 18:44:07 +0000
reviewersjld
bugs1310116
milestone52.0a1
Bug 1310116 - Allow waitpid but warn on creating processes in content. r?jld MozReview-Commit-ID: JjNfA6wUe3T
security/sandbox/linux/SandboxFilter.cpp
xpcom/threads/nsProcessCommon.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -714,16 +714,19 @@ public:
     case __NR_clock_getres:
     CASES_FOR_getresuid:
     CASES_FOR_getresgid:
       return Allow();
 
     case __NR_umask:
     case __NR_kill:
     case __NR_wait4:
+#ifdef __NR_waitpid
+    case __NR_waitpid:
+#endif
 #ifdef __NR_arch_prctl
     case __NR_arch_prctl:
 #endif
       return Allow();
 
     case __NR_eventfd2:
     case __NR_inotify_init1:
     case __NR_inotify_add_watch:
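Review bot: The allow group that gains `__NR_waitpid` carries no comment saying why a content process may call `kill`, `wait4` and now `waitpid`, which makes this part of the policy harder to audit later. `waitpid` is the older form of `wait4` and is not defined on every architecture, hence the `#ifdef`. A line such as `// waitpid: legacy form of wait4, not present on all architectures (e.g. x86-64)` above the `#ifdef` would record that. The same comment could state that reaping children is permitted while process creation is expected to be handled elsewhere in the policy, which is not visible in this hunk. The enclosing switch starts and ends outside the hunk.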
--- a/xpcom/threads/nsProcessCommon.cpp
+++ b/xpcom/threads/nsProcessCommon.cpp
@@ -18,16 +18,17 @@
 #include "nsAutoPtr.h"
 #include "nsMemory.h"
 #include "nsProcess.h"
 #include "prio.h"
 #include "prenv.h"
 #include "nsCRT.h"
 #include "nsThreadUtils.h"
 #include "nsIObserverService.h"
+#include "nsXULAppAPI.h"
 #include "mozilla/Services.h"
 
 #include <stdlib.h>
 
 #if defined(PROCESSMODEL_WINAPI)
 #include "prmem.h"
 #include "nsString.h"
 #include "nsLiteralString.h"
@@ -425,16 +426,19 @@ nsProcess::CopyArgsAndRunProcessw(bool a
   free(my_argv);
   return rv;
 }
 
 nsresult
 nsProcess::RunProcess(bool aBlocking, char** aMyArgv, nsIObserver* aObserver,
                       bool aHoldWeak, bool aArgsUTF8)
 {
+  NS_WARNING_ASSERTION(!XRE_IsContentProcess(),
+                       "No launching of new processes in the content process");
+
   if (NS_WARN_IF(!mExecutable)) {
     return NS_ERROR_NOT_INITIALIZED;
   }
   if (NS_WARN_IF(mThread)) {
     return NS_ERROR_ALREADY_INITIALIZED;
   }
 
   if (aObserver) {
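Review bot: The added `NS_WARNING_ASSERTION` at the top of `RunProcess` is advisory only: it is compiled out of non-debug builds, and in debug builds it prints a warning and lets the launch continue. Release content processes therefore give no signal here, and whether the launch is actually stopped presumably depends on the sandbox policy rather than on this function. A comment should say so, for example `// Debug-only warning; actual blocking is expected from the content sandbox policy.` If a hard failure is wanted once the remaining callers are cleaned up, the check could become `if (NS_WARN_IF(XRE_IsContentProcess())) { return NS_ERROR_FAILURE; }`. The body of `RunProcess` continues past the end of the hunk.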