Mercurial > mozreview > gecko / changeset / 2946a4e3c4a141ecc72c68add40d2d357b02386e
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1299581 - Fail waitpid et al. with ECHILD in sandboxed content processes. r?gcp draft
authorJed Davis <jld@mozilla.com>
Thu, 07 Sep 2017 08:27:32 -0600
changeset 660911 2946a4e3c4a141ecc72c68add40d2d357b02386e
parent 660738 37b95547f0d27565452136d16b2df2857be840f6
child 660912 130b749639cc00b8af8edf8ed25d5c0966048332
push id78611
push userbmo:jld@mozilla.com
push dateThu, 07 Sep 2017 21:02:18 +0000
reviewersgcp
bugs1299581
milestone57.0a1
Bug 1299581 - Fail waitpid et al. with ECHILD in sandboxed content processes. r?gcp MozReview-Commit-ID: 7Qjcnrd7KqK
security/sandbox/linux/SandboxFilter.cpp file | annotate | diff | comparison | revisions 
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -788,20 +788,26 @@ public:
       // work with pointers, only integer types.
       Arg<uintptr_t> new_limit(2);
       return If(AllOf(pid == 0, new_limit == 0), Allow())
         .Else(InvalidSyscall());
     }
 
     case __NR_umask:
     case __NR_kill:
+      return Allow();
+
     case __NR_wait4:
 #ifdef __NR_waitpid
     case __NR_waitpid:
 #endif
+      // NSPR will start a thread to wait for child processes even if
+      // fork() fails; see bug 227246 and bug 1299581.
+      return Error(ECHILD);
+
 #ifdef __NR_arch_prctl
     case __NR_arch_prctl:
 #endif
       return Allow();
 
     case __NR_eventfd2:
     case __NR_inotify_init:
     case __NR_inotify_init1:
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:59Z.