[tbb-commits] [tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
gk at torproject.org
Tue Oct 17 12:12:39 UTC 2017
commit a878b3789b8b338124ba79efb5abba5f9bc34455
Author: Jed Davis <jld at mozilla.com>
Date: Fri Jan 27 14:25:50 2017 -0700
Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
MozReview-Commit-ID: 1It6HNizbAc
--HG--
extra : rebase_source : 1e96f11904abf2c38c5b4e50de7609ddc86cdd8a
---
security/sandbox/linux/Sandbox.cpp | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
index 7f1182be9972..b4e65a1745df 100644
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -73,6 +73,8 @@ int gSeccompTsyncBroadcastSignum = 0;
namespace mozilla {
+static bool gSandboxCrashOnError = false;
+
// This is initialized by SandboxSetCrashFunc().
SandboxCrashFunc gSandboxCrashFunc;
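Review bot: The new `gSandboxCrashOnError` has no comment, unlike the neighbouring `gSandboxCrashFunc` which says where it is initialized; since this flag decides whether a seccomp violation is fatal it deserves the same. Suggested: `// Whether a seccomp violation kills the process (read by SigSysHandler). Set in SandboxEarlyInit() from NIGHTLY_BUILD and the MOZ_SANDBOX_CRASH_ON_ERROR environment variable.` That ties the default here to the two places in this commit that change it.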
@@ -148,15 +150,18 @@ SigSysHandler(int nr, siginfo_t *info, void *void_context)
// TODO, someday when this is enabled on MIPS: include the two extra
// args in the error message.
SANDBOX_LOG_ERROR("seccomp sandbox violation: pid %d, syscall %d,"
- " args %d %d %d %d %d %d. Killing process.",
+ " args %d %d %d %d %d %d.%s",
pid, syscall_nr,
- args[0], args[1], args[2], args[3], args[4], args[5]);
+ args[0], args[1], args[2], args[3], args[4], args[5],
+ gSandboxCrashOnError ? " Killing process." : "");
- // Bug 1017393: record syscall number somewhere useful.
- info->si_addr = reinterpret_cast<void*>(syscall_nr);
+ if (gSandboxCrashOnError) {
+ // Bug 1017393: record syscall number somewhere useful.
+ info->si_addr = reinterpret_cast<void*>(syscall_nr);
- gSandboxCrashFunc(nr, info, &savedCtx);
- _exit(127);
+ gSandboxCrashFunc(nr, info, &savedCtx);
+ _exit(127);
+ }
}
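Review bot: When `gSandboxCrashOnError` is false the handler now falls off the end after logging, and nothing in the hunk says what the interrupted syscall then returns to the caller; presumably the result already written into the context earlier in the handler, but that should be stated. Suggested comment before the closing brace: `// Not crashing: return from the handler and let the blocked syscall fail with the result the trap code set (see above).` Note that on non-nightly builds the SANDBOX_LOG_ERROR line above is now the only evidence of a violation, so it is right that it stays outside the conditional. SigSysHandler's body begins before this hunk.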
/**
@@ -515,6 +520,21 @@ SandboxEarlyInit(GeckoProcessType aType)
}
MOZ_RELEASE_ASSERT(IsSingleThreaded());
+ // Set gSandboxCrashOnError if appropriate. This doesn't need to
+ // happen this early, but for now it's here so that I don't need to
+ // add NSPR dependencies for PR_GetEnv.
+ //
+ // This also means that users with "unexpected threads" setups won't
+ // crash even on nightly.
+#ifdef NIGHTLY_BUILD
+ gSandboxCrashOnError = true;
+#endif
+ if (const char* envVar = getenv("MOZ_SANDBOX_CRASH_ON_ERROR")) {
+ if (envVar[0]) {
+ gSandboxCrashOnError = envVar[0] != '0';
+ }
+ }
+
// Which kinds of resource isolation (of those that need to be set
// up at this point) can be used by this process?
bool canChroot = false;
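Review bot: The accepted values of `MOZ_SANDBOX_CRASH_ON_ERROR` are only implied by the code: an empty or unset variable keeps the build default, a leading `'0'` turns crashing off, and any other first character turns it on, so `"00"` or `"false"` both enable it. A comment above the `getenv` call would save the next reader from deriving that, e.g. `// MOZ_SANDBOX_CRASH_ON_ERROR overrides the build default: unset/empty = keep default, "0" = off, anything else = on.` If the file does not already include `<stdlib.h>` or `<cstdlib>` for `getenv`, that include is needed too. SandboxEarlyInit continues outside this hunk.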