Bug 1710614 - Limit prctl() in Socket Process r=gcp

Differential Revision: https://phabricator.services.mozilla.com/D114848
2024-11-25 05:41:12 +00:00 · 2021-05-11 13:36:07 +00:00 · 2021-05-11 13:36:07 +00:00 · 2758edd4f2
commit 2758edd4f2
parent a957c5485b
1 changed files with 7 additions and 2 deletions
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@ -1778,8 +1778,13 @@ class SocketProcessSandboxPolicy final : public SandboxPolicyCommon {
  }

  ResultExpr PrctlPolicy() const override {
-    // FIXME: bug 1619661
-    return Allow();
+    Arg<int> op(0);
+    return Switch(op)
+        .CASES((PR_SET_NAME,      // Thread creation
+                PR_SET_DUMPABLE,  // Crash reporting
+                PR_SET_PTRACER),  // Debug-mode crash handling
+               Allow())
+        .Default(InvalidSyscall());
  }

  ResultExpr EvaluateSyscall(int sysno) const override {