Bug 1363378 - Set close-on-exec in sandbox-related sockets held by parent process. r=gcp

If these aren't close-on-exec, they can be inherited by the crash
reporter process after the parent process has crashed and exited,
causing child processes to continue running when the IPC I/O thread blocks
in the file broker trying to open a GeckoChildCrash temp file.
(Empirically, the main thread then blocks waiting for the I/O thread.)

Operations that run on dedicated threads, like playing media, may
continue even though the main and IPC threads are locked up, resulting in
videos that keep playing sound even though the browser seems to no longer
exist.

If the broker socket is closed as expected when the parent process
exits, the child will return failure from the brokered file operation
and then go on to get an IPC error due to the parent process's
nonexistence, and will exit as normal.

This patch makes the same change to rejected syscall reporting, even
though that's a one-way asynchronous message with no response to wait
for, just in case something goes wrong enough to fill the entire socket
buffer but not so badly broken that it would wind up in an infinite loop
anyway.

SOCK_CLOEXEC has been present since Linux 2.6.26, and it would be used
only if seccomp-bpf is available, so it should be safe to use
unconditionally.

MozReview-Commit-ID: 7tDPBJILzlj

--HG--
extra : rebase_source : b797655dff2eea88c406d83dcee4a859f2a038b7
This commit is contained in:
Jed Davis 2017-09-13 12:25:35 -06:00
parent d4015fac9b
commit bb7bbfa321
2 changed files with 2 additions and 2 deletions
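As an added example (not Mozilla's code), the C program below reproduces the mechanism the commit message describes: it creates the same AF_UNIX/SOCK_SEQPACKET pair that SandboxBroker does, once without and once with SOCK_CLOEXEC, and then uses /bin/sh as a stand-in for a crash reporter exec'd after a crash to show which descriptor the new process still holds. The helper names (make_pair, has_cloexec, survives_exec) are mine.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create the same kind of socketpair SandboxBroker uses (AF_UNIX,
 * SOCK_SEQPACKET), optionally with the SOCK_CLOEXEC flag from the patch.
 * Returns 0 on success, -1 on error (like socketpair itself). */
int make_pair(int fds[2], int cloexec) {
    int type = SOCK_SEQPACKET | (cloexec ? SOCK_CLOEXEC : 0);
    return socketpair(AF_UNIX, type, 0, fds);
}

/* Report whether FD_CLOEXEC is set on fd: 1 = set, 0 = not set, -1 = error. */
int has_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : ((flags & FD_CLOEXEC) ? 1 : 0);
}

/* Stand-in for the crash reporter being exec'd after a crash: fork, exec
 * /bin/sh, and have it try to dup the descriptor onto fd 3. The dup can
 * only succeed if the descriptor was inherited across exec. Returns 1 if
 * it was inherited, 0 if close-on-exec removed it, -1 on fork/wait error. */
int survives_exec(int fd) {
    char script[64];
    snprintf(script, sizeof script, "exec 2>/dev/null 3<&%d", fd);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void) {
    int plain[2], safe[2];
    if (make_pair(plain, 0) != 0 || make_pair(safe, 1) != 0) return 1;
    printf("without SOCK_CLOEXEC: FD_CLOEXEC=%d inherited=%d\n",
           has_cloexec(plain[0]), survives_exec(plain[0]));
    printf("with    SOCK_CLOEXEC: FD_CLOEXEC=%d inherited=%d\n",
           has_cloexec(safe[0]), survives_exec(safe[0]));
    return 0;
}
```

The plain pair survives the exec (inherited=1), which is exactly how a crash reporter ends up holding the broker socket and keeping sandboxed children alive; the SOCK_CLOEXEC pair does not (inherited=0).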


@ -38,7 +38,7 @@ SandboxBroker::SandboxBroker(UniquePtr<const Policy> aPolicy, int aChildPid,
: mChildPid(aChildPid), mPolicy(Move(aPolicy))
{
int fds[2];
if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds)) {
if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, fds)) {
SANDBOX_LOG_ERROR("SandboxBroker: socketpair failed: %s", strerror(errno));
mFileDesc = -1;
aClientFd = -1;
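Review bot: SOCK_CLOEXEC marks both ends of the pair, including the one returned to the caller through aClientFd, so the child can no longer pick it up by plain inheritance across exec; only the failure path (`mFileDesc = -1;` / `aClientFd = -1;`) is visible here, so please confirm that the launch path maps the client end into the child explicitly (dup2 onto the expected number or an fd-mapping list) rather than relying on inheritance, otherwise brokered operations would fail outright instead of hanging. Setting the flag atomically in socketpair rather than with a later fcntl(F_SETFD, FD_CLOEXEC) is the right choice here, since it also closes the window in which another thread could fork and exec between the two calls.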


@ -48,7 +48,7 @@ SandboxReporter::Init()
{
int fds[2];
if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds)) {
if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, fds)) {
SANDBOX_LOG_ERROR("SandboxReporter: socketpair failed: %s",
strerror(errno));
return false;
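Review bot: Same caveat for the reporter's client end: it is now close-on-exec as well, so the child launch must pass it explicitly, and a child whose reporter fd never arrives would silently have nowhere to send rejected-syscall reports, so a check that it is mapped is worth adding alongside this change. Minor style point: the SANDBOX_LOG_ERROR call is wrapped across two lines here while the identical call in SandboxBroker stays on one; keeping the two sites consistent makes them easier to compare.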