[tbb-commits] [tor-browser/tor-browser-78.13.0esr-11.0-2] Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
sysrqb at torproject.org
sysrqb at torproject.org
Tue Aug 17 13:06:51 UTC 2021
commit ad2fcfecb9d5bad37a7fcae4f509bd29389bd995
Author: Alexandre Lissy <lissyx+mozillians at lissyx.dyndns.org>
Date: Wed Jun 9 13:45:28 2021 +0000
Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D117297
---
security/sandbox/linux/SandboxFilter.cpp | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index b60902e841e4..4ee50a23d461 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -633,6 +633,9 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
case __NR_clone:
return ClonePolicy(InvalidSyscall());
+ case __NR_clone3:
+ return Error(ENOSYS);
+
// More thread creation.
#ifdef __NR_set_robust_list
case __NR_set_robust_list:
@@ -1311,6 +1314,9 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
case __NR_clone:
return ClonePolicy(Error(EPERM));
+ case __NR_clone3:
+ return Error(ENOSYS);
+
# ifdef __NR_fadvise64
case __NR_fadvise64:
return Allow();
More information about the tbb-commits
mailing list