Bug 1434392 - Don't preload libmozsandbox in grandchild processes, only the sandboxed children themselves. r=gcp
authorJed Davis <jld@mozilla.com>
Wed, 07 Mar 2018 18:55:20 -0700
changeset 462265 07b6161c7f60c5bc4d71388d952f1e643cdc8837
parent 462264 752aded5e1fa4c61493bc329d40f37ae81003e5e
child 462266 2a403dec22d8ad4ba4c2a4a501f96959f02ee7db
push id1683
push usersfraser@mozilla.com
push dateThu, 26 Apr 2018 16:43:40 +0000
treeherdermozilla-release@5af6cb21869d [default view] [failures only]
reviewersgcp
bugs1434392
milestone60.0a1
Bug 1434392 - Don't preload libmozsandbox in grandchild processes, only the sandboxed children themselves. r=gcp
security/sandbox/linux/Sandbox.cpp
security/sandbox/linux/launch/SandboxLaunch.cpp
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -475,16 +475,26 @@ static const Array<const char*, 1> kLibs
 #endif // NIGHTLY_BUILD
 
 void
 SandboxEarlyInit() {
   if (PR_GetEnv("MOZ_SANDBOXED") == nullptr) {
     return;
   }
 
+  // Fix LD_PRELOAD for any child processes.  See bug 1434392 comment #10;
+  // this can probably go away when audio remoting is mandatory.
+  const char* oldPreload = PR_GetEnv("MOZ_ORIG_LD_PRELOAD");
+  char* preloadEntry;
+  // This string is "leaked" because the environment takes ownership.
+  if (asprintf(&preloadEntry, "LD_PRELOAD=%s",
+               oldPreload ? oldPreload : "") != -1) {
+    PR_SetEnv(preloadEntry);
+  }
+
   // If TSYNC is not supported, set up signal handler
   // used to enable seccomp on each thread.
   if (!SandboxInfo::Get().Test(SandboxInfo::kHasSeccompTSync)) {
     // The signal number has to be chosen early, so that the
     // interceptions in SandboxHooks.cpp can prevent it from being
     // masked.
     const int tsyncSignum = FindFreeSignalNumber();
     if (tsyncSignum == 0) {
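Review bot: The LD_PRELOAD restore added at the top of SandboxEarlyInit fails silently: if `asprintf` returns -1, or `PR_SetEnv` fails (its result is discarded), the process keeps `libmozsandbox.so` in LD_PRELOAD and its children are still preloaded, with nothing logged. I would test both results and report the failure, for example `if (asprintf(&preloadEntry, ...) == -1 || PR_SetEnv(preloadEntry) != PR_SUCCESS) { SANDBOX_LOG_ERROR("failed to restore LD_PRELOAD"); }`. When MOZ_ORIG_LD_PRELOAD is absent the code sets LD_PRELOAD to the empty string rather than removing it, and MOZ_ORIG_LD_PRELOAD itself stays in the environment for descendants; a comment such as `// An empty LD_PRELOAD is equivalent to unset for ld.so; MOZ_ORIG_LD_PRELOAD is left in place on purpose.` would record that both are intended. The body of SandboxEarlyInit continues past the end of this hunk.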
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -152,16 +152,17 @@ PreloadSandboxLib(base::environment_map*
   nsAutoCString preload;
   // Prepend this, because people can and do preload libpthread.
   // (See bug 1222500.)
   preload.AssignLiteral("libmozsandbox.so");
   if (const char* oldPreload = PR_GetEnv("LD_PRELOAD")) {
     // Doesn't matter if oldPreload is ""; extra separators are ignored.
     preload.Append(' ');
     preload.Append(oldPreload);
+    (*aEnv)["MOZ_ORIG_LD_PRELOAD"] = oldPreload;
   }
   MOZ_ASSERT(aEnv->count("LD_PRELOAD") == 0);
   (*aEnv)["LD_PRELOAD"] = preload.get();
 }
 
 static void
 AttachSandboxReporter(base::file_handle_mapping_vector* aFdMap)
 {
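Review bot: `MOZ_ORIG_LD_PRELOAD` is written only inside the `if (const char* oldPreload = PR_GetEnv("LD_PRELOAD"))` branch, so when the launching process has no LD_PRELOAD the key is never set in `aEnv`. If `aEnv` is merged over the inherited environment (not visible in this hunk), a MOZ_ORIG_LD_PRELOAD that already exists in the parent's environment would reach the child unchanged, and SandboxEarlyInit would then install that stale value as LD_PRELOAD for the child's own children. Writing the key on both paths closes this, e.g. `} else { (*aEnv)["MOZ_ORIG_LD_PRELOAD"] = ""; }`, and a `MOZ_ASSERT(aEnv->count("MOZ_ORIG_LD_PRELOAD") == 0);` before the branch would mirror the existing LD_PRELOAD assertion. PreloadSandboxLib begins above this hunk, so any earlier handling of the variable is not visible here.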