commit bf2b5cefbaddca978d5c5eca3b54f0f0af5c8d32 Author: Jed Davis jld@mozilla.com Date: Mon Nov 28 12:05:28 2016 -0700
Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd
This applies only to content processes, where we already allow getrlimit (but not setrlimit). The rule added here does not allow using prlimit64 to set any resource limits or interact with any other process.
MozReview-Commit-ID: nMry3t6QPj
--HG-- extra : rebase_source : ecf792077a672ab1f2c5edf9fbeb915a0d8dd30e --- security/sandbox/linux/SandboxFilter.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index f8db9dc802ea..018e9c64446c 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -735,6 +735,18 @@ public: CASES_FOR_getresgid: return Allow();
+ case __NR_prlimit64: { + // Allow only the getrlimit() use case. (glibc seems to use + // only pid 0 to indicate the current process; pid == getpid() + // is equivalent and could also be allowed if needed.) + Arg<pid_t> pid(0); + // This is really a const struct ::rlimit*, but Arg<> doesn't + // work with pointers, only integer types. + Arg<uintptr_t> new_limit(2); + return If(AllOf(pid == 0, new_limit == 0), Allow()) + .Else(InvalidSyscall()); + } + case __NR_umask: case __NR_kill: case __NR_wait4: