gecko-dev/security
Jed Davis 6f45e8a477 Bug 1705045 - Quietly deny MADV_MERGEABLE in Linux sandbox policies that filter madvise. r=gcp
This `madvise` type is used by one Linux distro's libc, and in
principle could be used by other userspace libraries trying to optimize
performance, and I'd rather not allow it (see bug for more details).

Therefore, this patch returns an error instead of treating it as an
unknown syscall (which crashes on Nightly).

However, the content policy doesn't yet filter `madvise` (bug 1510861);
this patch doesn't change that.

Differential Revision: https://phabricator.services.mozilla.com/D112884
2021-04-30 00:24:15 +00:00
..
apps Bug 1679522 - Fix include directives and forward declarations. r=andi,necko-reviewers,jgilbert 2021-03-25 10:19:44 +00:00
certverifier Bug 1694649 - Rewrite GetFirstEVPolicy with pkix r=keeler 2021-04-16 22:32:35 +00:00
ct Bug 1699294 - add 'mach generate-test-certs' command to generate test certificate and key artifacts r=glandium 2021-04-14 22:24:11 +00:00
mac/hardenedruntime
manager Bug 1705376: Synchronize workspace-hack features and usage r=firefox-build-system-reviewers,glandium 2021-04-29 15:19:27 +00:00
nss Bug 1699657 - land NSS NSS_3_64_RTM UPGRADE_NSS_RELEASE, r=bbeurdouche 2021-04-15 16:54:57 +00:00
sandbox Bug 1705045 - Quietly deny MADV_MERGEABLE in Linux sandbox policies that filter madvise. r=gcp 2021-04-30 00:24:15 +00:00
.eslintrc.js
generate_certdata.py Bug 1654103: Standardize on Black for Python code in mozilla-central. 2020-10-26 18:34:53 +00:00
generate_mapfile.py Bug 1654103: Standardize on Black for Python code in mozilla-central. 2020-10-26 18:34:53 +00:00
moz.build Backed out changeset 0b714d638157 (Bug 1692990) as it cause system nss build to fail. r=padenot 2021-02-19 10:22:17 +00:00
nss.symbols Bug 1641178 - Add NSSCipherStrategy. r=dom-workers-and-storage-reviewers,jcj,janv 2021-03-12 09:31:57 +00:00