Bug 1372428 - Deal with uname() in media plugins. r=gcp, a=jcristau
authorJed Davis <jld@mozilla.com>
Fri, 07 Jul 2017 08:58:33 -0600
changeset 414356 e5e3e626cdaf6b52570b242fe38c1d7f03079a22
parent 414355 46395cf00273964063bad976590cdfb509449619
child 414357 01af915e2e85c9f116aa92ff5c2ea76dd7ca75fa
push id1490
push usermtabara@mozilla.com
push dateMon, 31 Jul 2017 14:08:16 +0000
reviewersgcp, jcristau
bugs1372428
milestone55.0
Bug 1372428 - Deal with uname() in media plugins. r=gcp, a=jcristau MozReview-Commit-ID: JVzjs80Yuex
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -6,28 +6,30 @@
 
 #include "SandboxFilter.h"
 #include "SandboxFilterUtil.h"
 
 #include "SandboxBrokerClient.h"
 #include "SandboxInfo.h"
 #include "SandboxInternal.h"
 #include "SandboxLogging.h"
+#include "mozilla/PodOperations.h"
 #include "mozilla/UniquePtr.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/ipc.h>
 #include <linux/net.h>
 #include <linux/prctl.h>
 #include <linux/sched.h>
 #include <string.h>
 #include <sys/mman.h>
 #include <sys/socket.h>
 #include <sys/syscall.h>
+#include <sys/utsname.h>
 #include <time.h>
 #include <unistd.h>
 #include <vector>
 #include <algorithm>
 
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/system_headers/linux_seccomp.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"
@@ -943,16 +945,28 @@ class GMPSandboxPolicy : public SandboxP
                      aArgs.args[3],
                      aArgs.args[4],
                      aArgs.args[5]);
     }
     SANDBOX_LOG_ERROR("unsupported tid in SchedTrap");
     return BlockedSyscallTrap(aArgs, nullptr);
   }
 
+  static intptr_t UnameTrap(const sandbox::arch_seccomp_data& aArgs,
+                            void* aux)
+  {
+    const auto buf = reinterpret_cast<struct utsname*>(aArgs.args[0]);
+    PodZero(buf);
+    // The real uname() increases fingerprinting risk for no benefit.
+    // This is close enough.
+    strcpy(buf->sysname, "Linux");
+    strcpy(buf->version, "3");
+    return 0;
+  };
+
   SandboxOpenedFile* mPlugin;
 public:
   explicit GMPSandboxPolicy(SandboxOpenedFile* aPlugin)
   : mPlugin(aPlugin)
   {
     MOZ_ASSERT(aPlugin->mPath[0] == '/', "plugin path should be absolute");
   }
 
@@ -993,16 +1007,20 @@ public:
       return If(pid == 0, Allow())
         .Else(Trap(SchedTrap, nullptr));
     }
 
     // For clock(3) on older glibcs; bug 1304220.
     case __NR_times:
       return Allow();
 
+    // Bug 1372428
+    case __NR_uname:
+      return Trap(UnameTrap, nullptr);
+
     default:
       return SandboxPolicyCommon::EvaluateSyscall(sysno);
     }
   }
 };
 
 UniquePtr<sandbox::bpf_dsl::Policy>
 GetMediaSandboxPolicy(SandboxOpenedFile* aPlugin)
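Review bot: The `// Bug 1372428` comment above the `__NR_uname` case gives only a bug number, unlike the `__NR_times` case just above it which states the motivation; replace it with `// Some media plugins call uname(); answer with a fixed, minimal result instead of exposing the real kernel identity (bug 1372428).`. The enclosing EvaluateSyscall starts outside the hunk.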