Bug 1362601 - Don't crash on sandbox violation if known-problem injected libs are present. r?gcp
MozReview-Commit-ID: HCbavpMUxYm
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -12,16 +12,19 @@
#include "SandboxChroot.h"
#include "SandboxFilter.h"
#include "SandboxInternal.h"
#include "SandboxLogging.h"
#include "SandboxReporterClient.h"
#include "SandboxUtil.h"
#include <dirent.h>
+#ifdef NIGHTLY_BUILD
+#include "dlfcn.h"
+#endif
#include <errno.h>
#include <fcntl.h>
#include <linux/futex.h>
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
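Review bot: The new include is written as `#include "dlfcn.h"` while every neighbouring system header in this block uses angle brackets; dlfcn.h is a system header and should be `#include <dlfcn.h>` so the project include path is not searched ahead of the system one. Wrapping a single header in `#ifdef NIGHTLY_BUILD` is harmless but unusual for this block; an unconditional include would read like its neighbours, so keep the guard only if the project's unused-include tooling requires it.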
@@ -502,16 +505,32 @@ SetCurrentProcessSandbox(UniquePtr<sandb
if (info.Test(SandboxInfo::kVerbose)) {
SANDBOX_LOG_ERROR("no tsync support; using signal broadcast");
}
BroadcastSetThreadSandbox(&fprog);
}
MOZ_RELEASE_ASSERT(!gChrootHelper, "forgot to chroot");
}
+#ifdef NIGHTLY_BUILD
+static bool
+IsLibPresent(const char* aName)
+{
+ if (const auto handle = dlopen(aName, RTLD_LAZY | RTLD_NOLOAD)) {
+ dlclose(handle);
+ return true;
+ }
+ return false;
+}
+
+static const Array<const char*, 1> kLibsThatWillCrash {
+ "libesets_pac.so",
+};
+#endif // NIGHTLY_BUILD
+
void
SandboxEarlyInit(GeckoProcessType aType)
{
const SandboxInfo info = SandboxInfo::Get();
if (info.Test(SandboxInfo::kUnexpectedThreads)) {
return;
}
MOZ_RELEASE_ASSERT(IsSingleThreaded());
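Review bot: `IsLibPresent` and `kLibsThatWillCrash` carry no comment explaining that `RTLD_NOLOAD` turns the dlopen into a query of what is already mapped rather than a load, and that the matching dlclose only undoes the reference that the query took. Suggest above the function: `// Returns whether aName is already mapped in this process; RTLD_NOLOAD makes` / `// dlopen a query only, so nothing new is loaded by this check.` and above the array: `// Injected libraries known to trigger sandbox violations (bug 1362601);` / `// their presence clears gSandboxCrashOnError on Nightly.` Whether a bare filename such as `"libesets_pac.so"` matches a library that was injected under a full path depends on how the loader compares names (soname versus path), which is worth confirming against the reporting user's setup.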
@@ -519,16 +538,22 @@ SandboxEarlyInit(GeckoProcessType aType)
// Set gSandboxCrashOnError if appropriate. This doesn't need to
// happen this early, but for now it's here so that I don't need to
// add NSPR dependencies for PR_GetEnv.
//
// This also means that users with "unexpected threads" setups won't
// crash even on nightly.
#ifdef NIGHTLY_BUILD
gSandboxCrashOnError = true;
+ for (const char* name : kLibsThatWillCrash) {
+ if (IsLibPresent(name)) {
+ gSandboxCrashOnError = false;
+ break;
+ }
+ }
#endif
if (const char* envVar = getenv("MOZ_SANDBOX_CRASH_ON_ERROR")) {
if (envVar[0]) {
gSandboxCrashOnError = envVar[0] != '0';
}
}
// Which kinds of resource isolation (of those that need to be set
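Review bot: Clearing `gSandboxCrashOnError` in the new loop is silent, so a Nightly that stops crashing on sandbox violations leaves no trace of why in its logs; add a log line before the `break`, e.g. `SANDBOX_LOG_ERROR("known-problem injected library present; not crashing on sandbox violations");`, in the style already used in this file. The comment block at the top of the hunk still says only the "unexpected threads" setups avoid the crash; extend it with a sentence noting that the libraries listed in kLibsThatWillCrash have the same effect. The `MOZ_SANDBOX_CRASH_ON_ERROR` check is still evaluated after the loop, so an explicit value re-enables crashing, which looks like the intended precedence and is worth stating in that comment too.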