diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 05:55:15 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 05:55:15 +0200 |
commit | 43f7a588f96aaf88e7b69441c3b50bc9c7b20df7 (patch) | |
tree | 07d9b26b2f357ee9de04fea0e5e4b8b9a1ff93a4 /security/sandbox/linux/SandboxHooks.cpp | |
parent | 4613b91ecac2745252c40be64e73de5ff920b02b (diff) | |
download | UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.gz UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.lz UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.xz UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.zip |
Nuke the sandbox
Diffstat (limited to 'security/sandbox/linux/SandboxHooks.cpp')
-rw-r--r-- | security/sandbox/linux/SandboxHooks.cpp | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/security/sandbox/linux/SandboxHooks.cpp b/security/sandbox/linux/SandboxHooks.cpp deleted file mode 100644 index eaaf56982..000000000 --- a/security/sandbox/linux/SandboxHooks.cpp +++ /dev/null @@ -1,72 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=8 sts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include <dlfcn.h> -#include <signal.h> -#include <errno.h> - -#include "mozilla/Types.h" - -#include <stdio.h> -#include <stdlib.h> - -// Signal number used to enable seccomp on each thread. -extern int gSeccompTsyncBroadcastSignum; - -// This file defines a hook for sigprocmask() and pthread_sigmask(). -// Bug 1176099: some threads block SIGSYS signal which breaks our seccomp-bpf -// sandbox. To avoid this, we intercept the call and remove SIGSYS. -// -// ENOSYS indicates an error within the hook function itself. -static int HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*), - int aHow, const sigset_t* aSet, - sigset_t* aOldSet, bool aUseErrno) -{ - if (!aRealFunc) { - if (aUseErrno) { - errno = ENOSYS; - return -1; - } - - return ENOSYS; - } - - // Avoid unnecessary work - if (aSet == NULL || aHow == SIG_UNBLOCK) { - return aRealFunc(aHow, aSet, aOldSet); - } - - sigset_t newSet = *aSet; - if (sigdelset(&newSet, SIGSYS) != 0 || - (gSeccompTsyncBroadcastSignum && - sigdelset(&newSet, gSeccompTsyncBroadcastSignum) != 0)) { - if (aUseErrno) { - errno = ENOSYS; - return -1; - } - - return ENOSYS; - } - - return aRealFunc(aHow, &newSet, aOldSet); -} - -extern "C" MOZ_EXPORT int -sigprocmask(int how, const sigset_t* set, sigset_t* oldset) -{ - static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*)) - dlsym(RTLD_NEXT, "sigprocmask"); - - return HandleSigset(sRealFunc, how, set, oldset, true); -} - -extern "C" MOZ_EXPORT int -pthread_sigmask(int how, const sigset_t* set, sigset_t* oldset) -{ - static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*)) - dlsym(RTLD_NEXT, "pthread_sigmask"); - - return HandleSigset(sRealFunc, how, set, oldset, false); -} |