Mercurial > mozreview > gecko / changeset / a158c6965d806338da04feb9e4450240abfa632a
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1354731 - Quietly fail mknod of character devices in content sandbox. r?gcp draft
authorJed Davis <jld@mozilla.com>
Tue, 11 Apr 2017 13:22:26 -0600
changeset 560858 a158c6965d806338da04feb9e4450240abfa632a
parent 560546 abf145ebd05fe105efbc78b761858c34f7690154
child 623820 28ab549f68e91ed5cbfa7c4fb395c977d76cb517
push id53560
push userbmo:jld@mozilla.com
push dateWed, 12 Apr 2017 00:28:25 +0000
reviewersgcp
bugs1354731
milestone55.0a1
Bug 1354731 - Quietly fail mknod of character devices in content sandbox. r?gcp MozReview-Commit-ID: 2aehI5V7tQp
security/sandbox/linux/SandboxFilter.cpp file | annotate | diff | comparison | revisions 
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -650,18 +650,25 @@ public:
       // using them, if they need to be, and what we intend to about it.
     case __NR_getcwd:
     CASES_FOR_statfs:
     CASES_FOR_fstatfs:
     case __NR_quotactl:
     CASES_FOR_fchown:
     case __NR_fchmod:
     case __NR_flock:
+      return Allow();
+
+      // Bug 1354731: proprietary GL drivers try to mknod() their devices
+    case __NR_mknod: {
+      Arg<mode_t> mode(1);
+      return If((mode & S_IFMT) == S_IFCHR, Error(EPERM))
+        .Else(InvalidSyscall());
+    }
 #endif
-      return Allow();
 
     case __NR_readlinkat:
 #ifdef DESKTOP
       // Bug 1290896
       return Allow();
 #else
       // Workaround for bug 964455:
       return Error(EINVAL);
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:59Z.