Bug 1489735 - Quietly deny sched_setaffinity in content process sandbox r=gcp
authorJed Davis <jld@mozilla.com>
Mon, 17 Sep 2018 16:43:52 +0000
changeset 492606 026130a68e7c9a54d0995a485cd941aad9a3c30c
parent 492605 9205d38f866cc1e50cb67c87fe2a02654cde8417
child 492607 d07de0b49710184495ad4f25b52517f0e44bd222
push id9984
push userffxbld-merge
push dateMon, 15 Oct 2018 21:07:35 +0000
treeherdermozilla-beta@183d27ea8570 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgcp
bugs1489735
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1489735 - Quietly deny sched_setaffinity in content process sandbox r=gcp Differential Revision: https://phabricator.services.mozilla.com/D5908
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -1096,16 +1096,21 @@ public:
     case __NR_sched_getparam:
     case __NR_sched_setparam:
 #ifdef DESKTOP
     case __NR_sched_getaffinity:
 #endif
       return Allow();
 
 #ifdef DESKTOP
+    case __NR_sched_setaffinity:
+      return Error(EPERM);
+#endif
+
+#ifdef DESKTOP
     case __NR_pipe2:
       return Allow();
 
     CASES_FOR_getrlimit:
     case __NR_clock_getres:
     CASES_FOR_getresuid:
     CASES_FOR_getresgid:
       return Allow();