Bug 1434392 - Don't preload libmozsandbox in grandchild processes, only the sandboxed children themselves. r?gcp
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -475,16 +475,26 @@ static const Array<const char*, 1> kLibs
#endif // NIGHTLY_BUILD
void
SandboxEarlyInit() {
if (PR_GetEnv("MOZ_SANDBOXED") == nullptr) {
return;
}
+ // Fix LD_PRELOAD for any child processes. See bug 1434392 comment #10;
+ // this can probably go away when audio remoting is mandatory.
+ const char* oldPreload = PR_GetEnv("MOZ_ORIG_LD_PRELOAD");
+ char* preloadEntry;
+ // This string is "leaked" because the environment takes ownership.
+ if (asprintf(&preloadEntry, "LD_PRELOAD=%s",
+ oldPreload ? oldPreload : "") != -1) {
+ PR_SetEnv(preloadEntry);
+ }
+
// If TSYNC is not supported, set up signal handler
// used to enable seccomp on each thread.
if (!SandboxInfo::Get().Test(SandboxInfo::kHasSeccompTSync)) {
// The signal number has to be chosen early, so that the
// interceptions in SandboxHooks.cpp can prevent it from being
// masked.
const int tsyncSignum = FindFreeSignalNumber();
if (tsyncSignum == 0) {
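Review bot: When asprintf() fails in the added block, nothing is logged and LD_PRELOAD keeps the value the launcher set, so grandchild processes would still preload libmozsandbox.so and the fix silently does not apply. The PRStatus returned by PR_SetEnv is ignored as well. Checking both and reporting the failure would make this visible, e.g. `if (PR_SetEnv(preloadEntry) != PR_SUCCESS) { SANDBOX_LOG_ERROR("failed to reset LD_PRELOAD"); }`, with a matching log on the asprintf failure branch. SandboxEarlyInit continues past the end of the hunk, so this is based only on the lines shown.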
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -152,16 +152,17 @@ PreloadSandboxLib(base::environment_map*
nsAutoCString preload;
// Prepend this, because people can and do preload libpthread.
// (See bug 1222500.)
preload.AssignLiteral("libmozsandbox.so");
if (const char* oldPreload = PR_GetEnv("LD_PRELOAD")) {
// Doesn't matter if oldPreload is ""; extra separators are ignored.
preload.Append(' ');
preload.Append(oldPreload);
+ (*aEnv)["MOZ_ORIG_LD_PRELOAD"] = oldPreload;
}
MOZ_ASSERT(aEnv->count("LD_PRELOAD") == 0);
(*aEnv)["LD_PRELOAD"] = preload.get();
}
static void
AttachSandboxReporter(base::file_handle_mapping_vector* aFdMap)
{
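Review bot: MOZ_ORIG_LD_PRELOAD is written only inside the `if (const char* oldPreload = PR_GetEnv("LD_PRELOAD"))` branch, so when the launching process has no LD_PRELOAD the child sees whatever value it would otherwise inherit. If the child environment is built by merging aEnv over the parent's (not visible here), a stale or externally set MOZ_ORIG_LD_PRELOAD would be copied into LD_PRELOAD by SandboxEarlyInit. Setting the variable on both paths avoids that, e.g. `} else { (*aEnv)["MOZ_ORIG_LD_PRELOAD"] = ""; }`, assuming the launcher passes an empty value through or treats it as unset. PreloadSandboxLib begins above the hunk, so any earlier handling of aEnv is not visible here.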