From 6a37a2ab9328bec6a29f688d1b2fba6974d34905 Mon Sep 17 00:00:00 2001
From: Jed Davis
Date: Tue, 9 Aug 2022 00:35:18 +0000
Subject: [PATCH] Bug 1778052 - Don't reset ignored signals when starting a sandboxed child process on Linux. r=gcp
We uninstall signal handlers in child processes after clone(), because they probably won't do the right thing if invoked in that context. However, the current code also resets signals which were ignored; if that disposition was set by an outside program like `nohup`, the expectation is that it should be inherited. This patch omits those signals when resetting handlers (similar to what `exec` does).
Differential Revision: https://phabricator.services.mozilla.com/D151336
---
 security/sandbox/linux/launch/SandboxLaunch.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp
index e145623804f4..267b71bd139f 100644
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -468,8 +468,23 @@ static void RestoreSignals(const sigset_t* aOldSigs) {
 }
 }
+static bool IsSignalIgnored(int aSig) {
+ struct sigaction sa {};
+
+ if (sigaction(aSig, nullptr, &sa) != 0) {
+ if (errno != EINVAL) {
+ SANDBOX_LOG_ERRNO("sigaction(%d)", aSig);
+ }
+ return false;
+ }
+ return sa.sa_handler == SIG_IGN;
+}
+
 static void ResetSignalHandlers() {
 for (int signum = 1; signum <= SIGRTMAX; ++signum) {
+ if (IsSignalIgnored(signum)) {
+ continue;
+ }
 if (signal(signum, SIG_DFL) == SIG_ERR) {
 MOZ_DIAGNOSTIC_ASSERT(errno == EINVAL);
 }
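Review bot: `IsSignalIgnored` cannot tell an ignore disposition inherited from a launcher such as `nohup` from one the parent process installed itself, so the new `continue` in `ResetSignalHandlers` keeps both kinds in the sandboxed child. That matches what `exec` does, as the description says, but nothing in the code records it; a comment above the check would help, e.g. `// Keep SIG_IGN dispositions (inherited or set by this process), as exec would; only handlers are reset.` It may also be worth confirming that `SANDBOX_LOG_ERRNO` is safe to call in the post-clone child, since per the description that is where this code runs. The body of `ResetSignalHandlers` continues past the end of the hunk.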