mirror of https://github.com/mozilla/gecko-dev.git
Bug 1397753 - Disallow kill() in sandboxed content processes. r=gcp
As a special case to deal with PulseAudio, testing for a process's existence with kill(pid, 0) quietly fails with EPERM instead. (I also added some commentary on umask, since I was touching that part of the code anyway.)

MozReview-Commit-ID: CM0Aqii13j4

--HG--
extra : rebase_source : 44ef05e9a39a9eea4a649399c63b865f5523d43b
Parent: db2eef4339
Commit: e6cee20f4d
@ -791,10 +791,22 @@ public:
.Else(InvalidSyscall());
}
// PulseAudio calls umask, even though it's unsafe in
// multithreaded applications. But, allowing it here doesn't
// really do anything one way or the other, now that file
// accesses are brokered to another process.
case __NR_umask:
case __NR_kill:
return Allow();
case __NR_kill: {
Arg<int> sig(1);
// PulseAudio uses kill(pid, 0) to check if purported owners of
// shared memory files are still alive; see bug 1397753 for more
// details.
return If(sig == 0, Error(EPERM))
.Else(InvalidSyscall());
}
case __NR_wait4:
#ifdef __NR_waitpid
case __NR_waitpid:
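
Review bot: The comment in the new `case __NR_kill:` block explains why PulseAudio probes with kill(pid, 0) but not why the filter answers `Error(EPERM)`, which is the choice a later reader will question. For kill(), EPERM reports that the target exists but the caller may not signal it, while ESRCH reports that it is gone, so `If(sig == 0, Error(EPERM))` makes every probed pid look alive regardless of its real state. Suggest extending the comment with that consequence (purported owners are always treated as alive, and the sandboxed process learns nothing about which pids exist), and stating that any nonzero signal still falls through to `InvalidSyscall()`.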