commit f670368e5c12ad18fc7383fbbd8c75dfaa5ee768 Author: Yawning Angel yawning@schwanenlied.me Date: Fri Sep 29 02:57:42 2017 +0000
Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.
Apparently tabs crash without this in 7.5a5, and according to the report this is the first thing it complains about before crashing deep in IPC land.
At a minimum this shuts the error up, and a fresh install appears to work...
---
ChangeLog | 1 +
data/torbrowser-amd64.seccomp | 4 +++-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 936f9fc..735192c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
Changes in version 0.0.14 - UNRELEASED:
* Bug 8706: Fully disable the .recently-used.xbel.
* Bug 22814: Revert the upstream fix by default.
+ * Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.

Changes in version 0.0.13 - 2017-09-13:
* Bug 13170: Disable the rest of the Firefox experiments botnet prefs.
diff --git a/data/torbrowser-amd64.seccomp b/data/torbrowser-amd64.seccomp
index 17be3d7..9dfc97a 100644
--- a/data/torbrowser-amd64.seccomp
+++ b/data/torbrowser-amd64.seccomp
@@ -36,6 +36,8 @@ FUTEX_WAKE_OP_PRIVATE=FUTEX_WAKE_OP | FUTEX_PRIVATE_FLAG
#FUTEX_UNLOCK_PI_PRIVATE=FUTEX_UNLOCK_PI | FUTEX_PRIVATE_FLAG
FUTEX_WAIT_BITSET_PRIVATE=FUTEX_WAIT_BITSET | FUTEX_PRIVATE_FLAG

+PR_SET_NO_NEW_PRIVS=38
+
#
# System calls allowed unconditionally without argument filtering.
#
@@ -192,7 +194,7 @@ wait4: 1
futex: arg1 == FUTEX_CMP_REQUEUE_PRIVATE || arg1 == FUTEX_WAIT || arg1 == FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME || arg1 == FUTEX_WAIT_PRIVATE || arg1 == FUTEX_WAKE || arg1 == FUTEX_WAKE_OP_PRIVATE || arg1 == FUTEX_WAKE_PRIVATE || arg1 == FUTEX_WAIT_BITSET_PRIVATE
madvise: arg2 == MADV_NORMAL || arg2 == MADV_DONTNEED || arg2 == MADV_FREE
ioctl: arg1 == FIONREAD || arg1 == TCGETS || arg1 == TIOCGPGRP
-prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME || arg0 == PR_GET_TIMERSLACK || arg0 == PR_SET_SECCOMP
+prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME || arg0 == PR_GET_TIMERSLACK || arg0 == PR_SET_SECCOMP || arg0 == PR_SET_NO_NEW_PRIVS
socket: arg0 == AF_UNIX
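Review bot: The `PR_SET_NO_NEW_PRIVS=38` definition in the first hunk of data/torbrowser-amd64.seccomp is a bare number with no note on where it comes from, unlike the FUTEX_* entries above it, which are composed from named flags. The value does agree with `PR_SET_NO_NEW_PRIVS` in `<linux/prctl.h>`, so this is a documentation point only. I would add a line above it such as `# prctl(2) option, value from <linux/prctl.h>; used by the prctl rule below.` so a later editor can verify the number without searching. The constants section starts and ends outside the hunk, so the file may already have a convention for this that is not visible here.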
# Calls that other people think we should have but we deny:
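Review bot: The `prctl` rule now admits `PR_SET_NO_NEW_PRIVS` on `arg0` alone, and nothing next to the rule records why that is safe to allow. The reasoning holds: no_new_privs can be set but never cleared, it is inherited across fork and execve, and the kernel returns EINVAL unless the next argument is 1 and the rest are 0, so the extra term cannot loosen the sandbox. Since the commit message leaves the caller unidentified, I would put that rationale beside the rule, e.g. `# PR_SET_NO_NEW_PRIVS is one-way and only restricts the caller (Bug 23692).`. If the policy syntax permits grouping, the term could also be pinned as `(arg0 == PR_SET_NO_NEW_PRIVS && arg1 == 1)`. The argument-filtered section continues outside the hunk, so how unmatched prctl operations are handled is not visible here.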