summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/SandboxHooks.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-05-03 05:55:15 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-05-03 05:55:15 +0200
commit43f7a588f96aaf88e7b69441c3b50bc9c7b20df7 (patch)
tree07d9b26b2f357ee9de04fea0e5e4b8b9a1ff93a4 /security/sandbox/linux/SandboxHooks.cpp
parent4613b91ecac2745252c40be64e73de5ff920b02b (diff)
downloadUXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.gz
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.lz
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.tar.xz
UXP-43f7a588f96aaf88e7b69441c3b50bc9c7b20df7.zip
Nuke the sandbox
Diffstat (limited to 'security/sandbox/linux/SandboxHooks.cpp')
-rw-r--r--security/sandbox/linux/SandboxHooks.cpp72
1 files changed, 0 insertions, 72 deletions
diff --git a/security/sandbox/linux/SandboxHooks.cpp b/security/sandbox/linux/SandboxHooks.cpp
deleted file mode 100644
index eaaf56982..000000000
--- a/security/sandbox/linux/SandboxHooks.cpp
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include <dlfcn.h>
-#include <signal.h>
-#include <errno.h>
-
-#include "mozilla/Types.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-// Signal number used to enable seccomp on each thread.
-extern int gSeccompTsyncBroadcastSignum;
-
-// This file defines a hook for sigprocmask() and pthread_sigmask().
-// Bug 1176099: some threads block SIGSYS signal which breaks our seccomp-bpf
-// sandbox. To avoid this, we intercept the call and remove SIGSYS.
-//
-// ENOSYS indicates an error within the hook function itself.
-static int HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*),
- int aHow, const sigset_t* aSet,
- sigset_t* aOldSet, bool aUseErrno)
-{
- if (!aRealFunc) {
- if (aUseErrno) {
- errno = ENOSYS;
- return -1;
- }
-
- return ENOSYS;
- }
-
- // Avoid unnecessary work
- if (aSet == NULL || aHow == SIG_UNBLOCK) {
- return aRealFunc(aHow, aSet, aOldSet);
- }
-
- sigset_t newSet = *aSet;
- if (sigdelset(&newSet, SIGSYS) != 0 ||
- (gSeccompTsyncBroadcastSignum &&
- sigdelset(&newSet, gSeccompTsyncBroadcastSignum) != 0)) {
- if (aUseErrno) {
- errno = ENOSYS;
- return -1;
- }
-
- return ENOSYS;
- }
-
- return aRealFunc(aHow, &newSet, aOldSet);
-}
-
-extern "C" MOZ_EXPORT int
-sigprocmask(int how, const sigset_t* set, sigset_t* oldset)
-{
- static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*))
- dlsym(RTLD_NEXT, "sigprocmask");
-
- return HandleSigset(sRealFunc, how, set, oldset, true);
-}
-
-extern "C" MOZ_EXPORT int
-pthread_sigmask(int how, const sigset_t* set, sigset_t* oldset)
-{
- static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*))
- dlsym(RTLD_NEXT, "pthread_sigmask");
-
- return HandleSigset(sRealFunc, how, set, oldset, false);
-}