Bug 1294286 - Filter clock IDs in clock_getres sandbox rule. r=gcp

The clockid_t type on Linux has a space of values which encode a pid and
refer to various measures of another process's CPU usage; clock_getres
would, thereby, allow probing whether other processes exist.  This is
a relatively small information leak into the sandboxes, but there's no
reason to allow it.

Differential Revision: https://phabricator.services.mozilla.com/D54081

--HG--
extra : moz-landing-system : lando
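The commit message refers to the kernel's clockid_t encoding, in which a negative clock ID carries a complemented pid, tid or file descriptor in its upper bits and a clock type in its low three bits. The following C is an added example, not code from this commit or from the Mozilla sandbox: it reproduces that encoding (assumed to match the kernel's own macros), classifies clock IDs, and shows the allow/reject decision a seccomp-style rule for clock_getres and clock_gettime needs to make. The pid 4242 and fd 5 are constructed placeholders; nothing here performs a syscall on another process.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <time.h>

/*
 * clockid_t encoding as used by the Linux kernel (assumption: reproduced from
 * the kernel's own macros, not taken from the Mozilla sandbox sources).
 * Negative IDs are not standard clocks: the low three bits select either a
 * CPU-time clock type or CLOCKFD, and the remaining bits hold ~pid/~tid/~fd.
 */
#define CPUCLOCK_PERTHREAD_MASK 4
#define CPUCLOCK_CLOCK_MASK     3
#define CLOCKFD                 3
#define CLOCKFD_MASK            (CPUCLOCK_PERTHREAD_MASK | CPUCLOCK_CLOCK_MASK)
#define CPUCLOCK_PID(c)         ((pid_t)~((c) >> 3))
#define CPUCLOCK_PERTHREAD(c)   (((c) & (clockid_t)CPUCLOCK_PERTHREAD_MASK) != 0)

enum clock_kind {
    CLOCK_KIND_STANDARD,   /* CLOCK_REALTIME, CLOCK_MONOTONIC, ... */
    CLOCK_KIND_CPU,        /* CPU-time clock of a specific process or thread */
    CLOCK_KIND_DYNAMIC_FD  /* fd-backed dynamic clock such as a PTP device */
};

/* Build a CPU clock ID the way clock_getcpuclockid()/pthread_getcpuclockid() do.
 * Shifting is done on unsigned to avoid left-shifting a negative int. */
static clockid_t make_cpuclock(pid_t pid, int which, int per_thread)
{
    unsigned int raw = (~(unsigned int)pid) << 3;
    raw |= (unsigned int)(which & CPUCLOCK_CLOCK_MASK);
    if (per_thread)
        raw |= CPUCLOCK_PERTHREAD_MASK;
    return (clockid_t)raw;
}

/* Build an fd-backed dynamic clock ID (FD_TO_CLOCKID in the kernel). */
static clockid_t fd_to_clockid(int fd)
{
    return (clockid_t)(((~(unsigned int)fd) << 3) | CLOCKFD);
}

/* Non-negative IDs are the standard clocks; negative ones are either an
 * fd-backed dynamic clock or a pid/tid-encoded CPU clock. */
static enum clock_kind classify_clockid(clockid_t c)
{
    if (c >= 0)
        return CLOCK_KIND_STANDARD;
    if ((c & CLOCKFD_MASK) == CLOCKFD)
        return CLOCK_KIND_DYNAMIC_FD;
    return CLOCK_KIND_CPU;
}

/* Which process or thread a CPU clock ID points at (0 means the caller). */
static pid_t cpuclock_target(clockid_t c)
{
    return CPUCLOCK_PID(c);
}

/* Policy decision a seccomp-bpf rule for clock_getres/clock_gettime can
 * mirror: only standard (non-negative) clock IDs are allowed, so a sandboxed
 * process cannot learn whether an arbitrary pid exists. */
static int sandbox_clockid_allowed(clockid_t c)
{
    return classify_clockid(c) == CLOCK_KIND_STANDARD;
}

int main(void)
{
    /* Constructed sample IDs; pid 4242 and fd 5 are placeholders. */
    clockid_t samples[] = {
        CLOCK_REALTIME,
        CLOCK_MONOTONIC,
        CLOCK_PROCESS_CPUTIME_ID,   /* positive alias for the caller's own CPU clock */
        make_cpuclock(4242, 2, 0),  /* CPUCLOCK_SCHED clock of another process */
        make_cpuclock(0, 0, 1),     /* CPUCLOCK_PROF clock of the calling thread */
        fd_to_clockid(5),
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        clockid_t c = samples[i];
        enum clock_kind k = classify_clockid(c);
        printf("clockid %d: %s%s -> %s\n", (int)c,
               k == CLOCK_KIND_STANDARD ? "standard" :
               k == CLOCK_KIND_CPU ? "cpu clock" : "dynamic fd clock",
               k == CLOCK_KIND_CPU && cpuclock_target(c) != 0 ? " of another task" : "",
               sandbox_clockid_allowed(c) ? "allow" : "reject");
    }
    return 0;
}
```

The design point is that the filter keys on the sign of the argument rather than on an allow-list of known constants: every pid-, tid- and fd-encoded clock is negative by construction, while the positive aliases CLOCK_PROCESS_CPUTIME_ID and CLOCK_THREAD_CPUTIME_ID only ever refer to the caller and remain usable.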
Jed Davis 2019-11-21 08:02:06 +00:00
Parent a37e31e914
Commit 0daa28d9cb
1 changed file: 1 addition and 1 deletion


@ -452,6 +452,7 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
switch (sysno) {
// Timekeeping
case __NR_clock_nanosleep:
case __NR_clock_getres:
case __NR_clock_gettime: {
// clockid_t can encode a pid or tid to monitor another
// process or thread's CPU usage (see CPUCLOCK_PID and related
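Review bot: with `case __NR_clock_getres:` now falling through into the `clock_gettime` block, clock_getres becomes subject to the clockid_t filter described in the comment, but the filter body lies past the visible context, so confirm two things there: that the reject path for a pid- or tid-encoded clock hands an error back to the caller rather than terminating the process, since callers routinely use clock_getres to probe which clocks a system offers, and that the standard non-negative IDs (CLOCK_REALTIME, CLOCK_MONOTONIC and the rest) still pass so resolution queries keep working. Extending the explanatory comment to name clock_getres alongside clock_gettime would also make the shared handling obvious to the next reader.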
@ -1175,7 +1176,6 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
return Allow();
CASES_FOR_getrlimit:
case __NR_clock_getres:
CASES_FOR_getresuid:
CASES_FOR_getresgid:
return Allow();
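Review bot: dropping the unconditional `case __NR_clock_getres:` from this `Allow()` group is what makes the new filter effective for content processes, because ContentSandboxPolicy overrides SandboxPolicyCommon and an unconditional Allow() here would have been reached before the base class's clockid_t check. Since the syscall fits visually between `CASES_FOR_getrlimit:` and `CASES_FOR_getresuid:`, a one-line comment noting that clock_getres is intentionally handled by the common policy's filter would stop a later edit from re-adding it to this group.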