Bug 974230 - Adjust sandbox so that socket() simply fails. r=kang
authorJed Davis <jld@mozilla.com>
Thu, 20 Feb 2014 09:35:44 -0500
changeset 170049 f75f99b377eeb5fa0d9534f959df405d0e8bda75
parent 170048 bb62f23c7c558732c6f794f34d7db16247844834
child 170050 e2d30842fedb1056f32ed4b8afe0ee70ce413161
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewerskang
bugs974230, 969715, 936320
milestone30.0a1
Bug 974230 - Adjust sandbox so that socket() simply fails. r=kang This is a workaround for issues with the SCTP code (bug 969715) and NSPR's IPv6 support (bug 936320).
security/sandbox/linux/linux_seccomp.h
security/sandbox/linux/seccomp_filter.h
--- a/security/sandbox/linux/linux_seccomp.h
+++ b/security/sandbox/linux/linux_seccomp.h
@@ -236,20 +236,24 @@ struct arch_sigsys {
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 
 #if defined(__arm__) && (defined(__thumb__) || defined(__ARM_EABI__))
 #define ALLOW_ARM_SYSCALL(name) \
         BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __ARM_NR_##name, 0, 1), \
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #endif
 
-#define DENY_SYSCALL(name) \
+#define DENY_KILL_SYSCALL(name) \
         BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
 
+#define DENY_SYSCALL(name, err) \
+        BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
+        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO + err)
+
 #define KILL_PROCESS \
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
 
 #define TRAP_PROCESS \
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_TRAP)
 
 #define ALLOW_PROCESS \
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
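Review bot: The `err` parameter of the new DENY_SYSCALL macro is used unparenthesized in `SECCOMP_RET_ERRNO + err`, so an argument that is itself an expression would bind unexpectedly; the usual macro hygiene is `BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO + (err))`. The seccomp return value carries the errno in its low 16 data bits, so the macro silently relies on `err` fitting that field, which standard errno constants do but arbitrary expressions need not; a one-line comment stating the limit would make that contract visible. The rename of the old macro to DENY_KILL_SYSCALL also deserves a comment distinguishing the two, e.g. `/* DENY_KILL_SYSCALL: kill the process; DENY_SYSCALL: fail the call with errno 'err' */`, since they now sit side by side with very different consequences for the sandboxed process.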
--- a/security/sandbox/linux/seccomp_filter.h
+++ b/security/sandbox/linux/seccomp_filter.h
@@ -78,27 +78,29 @@
 /* Architecture-specific syscalls that should eventually be removed */
 #if defined(__arm__)
 #define SECCOMP_WHITELIST_ARCH_TOREMOVE \
   ALLOW_SYSCALL(fstat64), \
   ALLOW_SYSCALL(stat64), \
   ALLOW_SYSCALL(lstat64), \
   ALLOW_SYSCALL(socketpair), \
   ALLOW_SYSCALL(sendmsg), \
-  ALLOW_SYSCALL(sigprocmask),
+  ALLOW_SYSCALL(sigprocmask), \
+  DENY_SYSCALL(socket, EACCES),
 #elif defined(__i386__)
 #define SECCOMP_WHITELIST_ARCH_TOREMOVE \
   ALLOW_SYSCALL(fstat64), \
   ALLOW_SYSCALL(stat64), \
   ALLOW_SYSCALL(lstat64), \
   ALLOW_SYSCALL(sigprocmask),
 #else
 #define SECCOMP_WHITELIST_ARCH_TOREMOVE \
   ALLOW_SYSCALL(socketpair), \
-  ALLOW_SYSCALL(sendmsg),
+  ALLOW_SYSCALL(sendmsg), \
+  DENY_SYSCALL(socket, EACCES),
 #endif
 
 /* Architecture-specific syscalls for desktop linux */
 #if defined(__arm__)
 #define SECCOMP_WHITELIST_ARCH_DESKTOP_LINUX
 #elif defined(__i386__)
 #define SECCOMP_WHITELIST_ARCH_DESKTOP_LINUX
 #elif defined(__x86_64__)
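Review bot: The `DENY_SYSCALL(socket, EACCES)` entry is added to the ARM and default branches of SECCOMP_WHITELIST_ARCH_TOREMOVE but not to the `__i386__` branch, so on i386 socket() presumably still reaches the filter's default action rather than failing with EACCES; if that is deliberate because i386 has no separate socket syscall number, a comment on the i386 branch saying so would stop the next reader from treating it as an omission. The new entries also live in a macro whose header comment describes allowed syscalls, so a brief comment on each added line, such as `/* fail socket() with EACCES rather than kill; see bugs 969715 and 936320 */`, would explain why a deny rule appears in a whitelist. The use of EACCES assumes `<errno.h>` is visible to every includer of this header, which the hunk does not show.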