[tbb-commits] [tor-browser/tor-browser-52.3.0esr-7.5-2] Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp

gk at torproject.org gk at torproject.org
Thu Sep 21 16:14:42 UTC 2017


commit e3693eef06cadfc24d50abe34ae1bedf0385c3f8
Author: Jed Davis <jld at mozilla.com>
Date:   Fri Jan 27 14:25:50 2017 -0700

    Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
    
    MozReview-Commit-ID: 1It6HNizbAc
    
    --HG--
    extra : rebase_source : 1e96f11904abf2c38c5b4e50de7609ddc86cdd8a
---
 security/sandbox/linux/Sandbox.cpp | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
index 7f1182be9972..b4e65a1745df 100644
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -73,6 +73,8 @@ int gSeccompTsyncBroadcastSignum = 0;
 
 namespace mozilla {
 
+static bool gSandboxCrashOnError = false;
+
 // This is initialized by SandboxSetCrashFunc().
 SandboxCrashFunc gSandboxCrashFunc;
 
@@ -148,15 +150,18 @@ SigSysHandler(int nr, siginfo_t *info, void *void_context)
   // TODO, someday when this is enabled on MIPS: include the two extra
   // args in the error message.
   SANDBOX_LOG_ERROR("seccomp sandbox violation: pid %d, syscall %d,"
-                    " args %d %d %d %d %d %d.  Killing process.",
+                    " args %d %d %d %d %d %d.%s",
                     pid, syscall_nr,
-                    args[0], args[1], args[2], args[3], args[4], args[5]);
+                    args[0], args[1], args[2], args[3], args[4], args[5],
+                    gSandboxCrashOnError ? "  Killing process." : "");
 
-  // Bug 1017393: record syscall number somewhere useful.
-  info->si_addr = reinterpret_cast<void*>(syscall_nr);
+  if (gSandboxCrashOnError) {
+    // Bug 1017393: record syscall number somewhere useful.
+    info->si_addr = reinterpret_cast<void*>(syscall_nr);
 
-  gSandboxCrashFunc(nr, info, &savedCtx);
-  _exit(127);
+    gSandboxCrashFunc(nr, info, &savedCtx);
+    _exit(127);
+  }
 }
 
 /**
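Review bot: With gSandboxCrashOnError false, the new `if` lets SigSysHandler return from the SIGSYS without writing any result into `void_context`, so unless the part of the handler above this hunk already does that, the blocked syscall resumes with whatever the result register happened to hold and the caller may take it for success. A survived trap should look like a failed syscall: on the non-crash path set the ucontext's return-value register to `-ENOSYS` (or the error the policy intends) and say so in a comment next to the new branch, e.g. `// Not crashing: make the blocked syscall fail with ENOSYS so callers see an error.` In that mode the SANDBOX_LOG_ERROR line above is also the only trace a violation leaves, which is worth stating in the function's header comment. SigSysHandler begins outside this hunk.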
@@ -515,6 +520,21 @@ SandboxEarlyInit(GeckoProcessType aType)
   }
   MOZ_RELEASE_ASSERT(IsSingleThreaded());
 
+  // Set gSandboxCrashOnError if appropriate.  This doesn't need to
+  // happen this early, but for now it's here so that I don't need to
+  // add NSPR dependencies for PR_GetEnv.
+  //
+  // This also means that users with "unexpected threads" setups won't
+  // crash even on nightly.
+#ifdef NIGHTLY_BUILD
+  gSandboxCrashOnError = true;
+#endif
+  if (const char* envVar = getenv("MOZ_SANDBOX_CRASH_ON_ERROR")) {
+    if (envVar[0]) {
+      gSandboxCrashOnError = envVar[0] != '0';
+    }
+  }
+
   // Which kinds of resource isolation (of those that need to be set
   // up at this point) can be used by this process?
   bool canChroot = false;
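Review bot: The override at `gSandboxCrashOnError = envVar[0] != '0';` keys on the first character only, so `MOZ_SANDBOX_CRASH_ON_ERROR=false` or `=off` turns crashing on, the opposite of what a user setting those values expects. Either accept only "0" and "1" explicitly, or document the rule in the comment above the block: `// MOZ_SANDBOX_CRASH_ON_ERROR: "0" disables crash-on-violation, any other non-empty value enables it (on every channel).` It would also be worth confirming that this file already pulls in `<cstdlib>`/`<stdlib.h>` for `getenv`, which this hunk does not show. SandboxEarlyInit continues past the end of the hunk.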




