authorMoonchild <mcwerewolf@gmail.com>2018-05-04 09:09:10 +0200
committerGitHub <noreply@github.com>2018-05-04 09:09:10 +0200
commit4a2aeb152e48c44efa57c140660e99792f4dd350 (patch)
tree7b786de2b175122814a53232268b1147a8bd0bfb /security/sandbox/linux/SandboxHooks.cpp
parent20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff)
parentf265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff)
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'security/sandbox/linux/SandboxHooks.cpp')
-rw-r--r--security/sandbox/linux/SandboxHooks.cpp72
1 files changed, 0 insertions, 72 deletions
diff --git a/security/sandbox/linux/SandboxHooks.cpp b/security/sandbox/linux/SandboxHooks.cpp
deleted file mode 100644
index eaaf56982..000000000
--- a/security/sandbox/linux/SandboxHooks.cpp
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include <dlfcn.h>
-#include <signal.h>
-#include <errno.h>
-
-#include "mozilla/Types.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-// Signal number used to enable seccomp on each thread.
-extern int gSeccompTsyncBroadcastSignum;
-
-// This file defines a hook for sigprocmask() and pthread_sigmask().
-// Bug 1176099: some threads block SIGSYS signal which breaks our seccomp-bpf
-// sandbox. To avoid this, we intercept the call and remove SIGSYS.
-//
-// ENOSYS indicates an error within the hook function itself.
-static int HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*),
- int aHow, const sigset_t* aSet,
- sigset_t* aOldSet, bool aUseErrno)
-{
- if (!aRealFunc) {
- if (aUseErrno) {
- errno = ENOSYS;
- return -1;
- }
-
- return ENOSYS;
- }
-
- // Avoid unnecessary work
- if (aSet == NULL || aHow == SIG_UNBLOCK) {
- return aRealFunc(aHow, aSet, aOldSet);
- }
-
- sigset_t newSet = *aSet;
- if (sigdelset(&newSet, SIGSYS) != 0 ||
- (gSeccompTsyncBroadcastSignum &&
- sigdelset(&newSet, gSeccompTsyncBroadcastSignum) != 0)) {
- if (aUseErrno) {
- errno = ENOSYS;
- return -1;
- }
-
- return ENOSYS;
- }
-
- return aRealFunc(aHow, &newSet, aOldSet);
-}
-
-extern "C" MOZ_EXPORT int
-sigprocmask(int how, const sigset_t* set, sigset_t* oldset)
-{
- static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*))
- dlsym(RTLD_NEXT, "sigprocmask");
-
- return HandleSigset(sRealFunc, how, set, oldset, true);
-}
-
-extern "C" MOZ_EXPORT int
-pthread_sigmask(int how, const sigset_t* set, sigset_t* oldset)
-{
- static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*))
- dlsym(RTLD_NEXT, "pthread_sigmask");
-
- return HandleSigset(sRealFunc, how, set, oldset, false);
-}