Bug 1614933 - Ensure that glibc's lazy initializers run before we enable the content process sandbox on Linux; r=jld

Differential Revision: https://phabricator.services.mozilla.com/D63471 --HG-- extra : moz-landing-system : lando
2020-03-22 13:03:36 +00:00 · 2020-03-22 13:03:36 +00:00 · 9186cc2ed8
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@ -27,6 +27,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/mman.h>
 #include <sys/prctl.h>
 #include <sys/ptrace.h>
 #include <sys/syscall.h>
@ -500,6 +501,14 @@ void SandboxEarlyInit() {
  }
 }

+static void RunGlibcLazyInitializers() {
+  // Make glibc's lazy initialization of shm_open() run before sandboxing
+  int fd = shm_open("/dummy", O_RDONLY, 0);
+  if (fd > 0) {
+    close(fd);  // In the unlikely case we actually opened something
+  }
+}
+
 static void SandboxLateInit() {
 #ifdef NIGHTLY_BUILD
  gSandboxCrashOnError = true;
@ -516,6 +525,8 @@ static void SandboxLateInit() {
      gSandboxCrashOnError = envVar[0] != '0';
    }
  }
+
+  RunGlibcLazyInitializers();
 }

 // Common code for sandbox startup.