Closed Bug 1710625 Opened 2 years ago Closed 2 years ago

Support Socket Process in SandboxTest

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

Product:
Core
Component:
Security: Process Sandboxing
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
91 Branch
Tracking Flags:
Tracking Status
firefox91 --- fixed

People

(Reporter: gerard-majax, Assigned: gerard-majax)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1710625 - SandboxTest with SocketProcess r?handyman!,jld!,#necko-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Depends on: 1710603, 1710614

(In reply to Alexandre LISSY :gerard-majax from comment #1)

Testing this will require to change InvalidSyscall() from PrctlPolicy() to Error(ENOSYS) for example.

(In reply to Alexandre LISSY :gerard-majax from comment #3)

(In reply to Alexandre LISSY :gerard-majax from comment #1)

Testing this will require to change InvalidSyscall() from PrctlPolicy() to Error(ENOSYS) for example.

diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
index 3013c3e1155e..ee385eacd39f 100644
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -1778,8 +1778,17 @@ class SocketProcessSandboxPolicy final : public SandboxPolicyCommon {
   }

   ResultExpr PrctlPolicy() const override {
-    // FIXME: bug 1619661
-    return Allow();
+    Arg<int> op(0);
+    return Switch(op)
+        .CASES((PR_SET_NAME,      // Thread creation
+                PR_SET_DUMPABLE,  // Crash reporting
+                PR_SET_PTRACER),  // Debug-mode crash handling
+               Allow())
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+        .Default(Error(ENOSYS));
+#else
+        .Default(InvalidSyscall());
+#endif
   }

   ResultExpr EvaluateSyscall(int sysno) const override {
Status: NEW → ASSIGNED
Attachment #9221369 - Attachment description: WIP: Bug 1710625 - SandboxTest with SocketProcess → Bug 1710625 - SandboxTest with SocketProcess r?handyman,#necko-reviewers
Attachment #9221369 - Attachment description: Bug 1710625 - SandboxTest with SocketProcess r?handyman,#necko-reviewers → Bug 1710625 - SandboxTest with SocketProcess r?handyman!,#necko-reviewers!
Attachment #9221369 - Attachment description: Bug 1710625 - SandboxTest with SocketProcess r?handyman!,#necko-reviewers! → Bug 1710625 - SandboxTest with SocketProcess r?handyman!,jld!,#necko-reviewers!
Severity: -- → S4
Priority: -- → P1
Pushed by alissy@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/735298219a02
SandboxTest with SocketProcess r=necko-reviewers,handyman,jld,kershaw
Regressions: 1714315
No longer regressions: 1714315

https://hg.mozilla.org/mozilla-central/rev/735298219a02

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox91: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
Blocks: sb-test
You need to log in before you can comment on or make changes to this bug.