[tor-commits] [tor-browser/tor-browser-78.14.0esr-10.5-1] Bug 1715254 - Deny clone3 to force glibc fallback r=gcp

sysrqb at torproject.org sysrqb at torproject.org
Sat Sep 4 01:29:00 UTC 2021


commit 1a70a6ac8a91cab14404db34bcfcf343346fbfb9
Author: Alexandre Lissy <lissyx+mozillians at lissyx.dyndns.org>
Date:   Wed Jun 9 13:45:28 2021 +0000

    Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
    
    Differential Revision: https://phabricator.services.mozilla.com/D117297
---
 security/sandbox/linux/SandboxFilter.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index b60902e841e4..4ee50a23d461 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -633,6 +633,9 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
       case __NR_clone:
         return ClonePolicy(InvalidSyscall());
 
+      case __NR_clone3:
+        return Error(ENOSYS);
+
         // More thread creation.
 #ifdef __NR_set_robust_list
       case __NR_set_robust_list:
@@ -1311,6 +1314,9 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
       case __NR_clone:
         return ClonePolicy(Error(EPERM));
 
+      case __NR_clone3:
+        return Error(ENOSYS);
+
 #  ifdef __NR_fadvise64
       case __NR_fadvise64:
         return Allow();





More information about the tor-commits mailing list