Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp
authorJed Davis <jld@mozilla.com>
Wed, 07 Jun 2017 16:33:11 -0600
changeset 411421 f7450fa2d7aa1590ac6a4954dbfc4cd8a9557254
parent 411420 ae620d7e41e2d88e9145a3c744dda13eee92c26e
child 411422 79d8f06313932e8f116100390dd153a1c8f9734b
push id7391
push usermtabara@mozilla.com
push dateMon, 12 Jun 2017 13:08:53 +0000
reviewersgcp
bugs1362601
milestone55.0a1
Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r=gcp MozReview-Commit-ID: HCbavpMUxYm
security/sandbox/linux/Sandbox.cpp
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -12,16 +12,19 @@
 #include "SandboxChroot.h"
 #include "SandboxFilter.h"
 #include "SandboxInternal.h"
 #include "SandboxLogging.h"
 #include "SandboxReporterClient.h"
 #include "SandboxUtil.h"
 
 #include <dirent.h>
+#ifdef NIGHTLY_BUILD
+#include "dlfcn.h"
+#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/futex.h>
 #include <pthread.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
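Review bot: The new include on the `#ifdef NIGHTLY_BUILD` line uses quotes for a system header, `#include "dlfcn.h"`, while every neighbouring system header in this hunk uses angle brackets; quoted form searches the source tree first, so a local file of that name would shadow the libc header. Change it to `#include <dlfcn.h>` to match the surrounding style and the lookup the code intends.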
@@ -502,16 +505,32 @@ SetCurrentProcessSandbox(UniquePtr<sandb
     if (info.Test(SandboxInfo::kVerbose)) {
       SANDBOX_LOG_ERROR("no tsync support; using signal broadcast");
     }
     BroadcastSetThreadSandbox(&fprog);
   }
   MOZ_RELEASE_ASSERT(!gChrootHelper, "forgot to chroot");
 }
 
+#ifdef NIGHTLY_BUILD
+static bool
+IsLibPresent(const char* aName)
+{
+  if (const auto handle = dlopen(aName, RTLD_LAZY | RTLD_NOLOAD)) {
+    dlclose(handle);
+    return true;
+  }
+  return false;
+}
+
+static const Array<const char*, 1> kLibsThatWillCrash {
+  "libesets_pac.so",
+};
+#endif // NIGHTLY_BUILD
+
 void
 SandboxEarlyInit(GeckoProcessType aType)
 {
   const SandboxInfo info = SandboxInfo::Get();
   if (info.Test(SandboxInfo::kUnexpectedThreads)) {
     return;
   }
   MOZ_RELEASE_ASSERT(IsSingleThreaded());
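Review bot: `IsLibPresent` and `kLibsThatWillCrash` carry no comment saying what they are for, and the `RTLD_NOLOAD` flag that makes the probe safe is the non-obvious part of the new code. A reader could take `dlopen` here as loading a library before the sandbox is set up, whereas `RTLD_NOLOAD` only reports an object that is already mapped into the process and the paired `dlclose` drops the reference it took. Add above `IsLibPresent` a comment such as `// Returns true if a shared object with this soname is already mapped into the process; RTLD_NOLOAD never loads anything new, and dlclose only releases the reference dlopen took.`, and above `kLibsThatWillCrash` a comment naming why the entry is listed, e.g. `// Libraries injected into our process by third-party software that are known to cause sandbox violations (see bug 1362601); their presence disables crash-on-error on nightly.`. Whether `mozilla::Array` is already included in this file is not visible from the hunk, so please confirm the header is present.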
@@ -519,16 +538,22 @@ SandboxEarlyInit(GeckoProcessType aType)
   // Set gSandboxCrashOnError if appropriate.  This doesn't need to
   // happen this early, but for now it's here so that I don't need to
   // add NSPR dependencies for PR_GetEnv.
   //
   // This also means that users with "unexpected threads" setups won't
   // crash even on nightly.
 #ifdef NIGHTLY_BUILD
   gSandboxCrashOnError = true;
+  for (const char* name : kLibsThatWillCrash) {
+    if (IsLibPresent(name)) {
+      gSandboxCrashOnError = false;
+      break;
+    }
+  }
 #endif
   if (const char* envVar = getenv("MOZ_SANDBOX_CRASH_ON_ERROR")) {
     if (envVar[0]) {
       gSandboxCrashOnError = envVar[0] != '0';
     }
   }
 
   // Which kinds of resource isolation (of those that need to be set
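Review bot: When the loop finds one of the listed libraries it silently flips `gSandboxCrashOnError` to false, so a nightly that stops crashing on violations gives no hint in the log as to why, which makes sandbox-violation reports from such machines harder to triage. Consider logging the decision next to the assignment, e.g. `SANDBOX_LOG_ERROR("not crashing on sandbox errors: known-problem library present");` (with the library name added if `SANDBOX_LOG_ERROR` accepts format arguments, which this hunk does not show), and extending the comment block above the `#ifdef` to say that the injected-library check only applies to nightly and that `MOZ_SANDBOX_CRASH_ON_ERROR` still overrides it because it is evaluated afterwards. The rest of `SandboxEarlyInit` continues outside the hunk.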