Commit f670368e authored by Yawning Angel's avatar Yawning Angel

Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.

Apparently tabs crash without this in 7.5a5, and according to the report
this is the first thing it complains about before crashing deep in IPC
land.

At a minimum this shuts the error up, and a fresh install appears to
work...
parent 04868bf8
+1 −0
Changes in version 0.0.14 - UNRELEASED:
 * Bug 8706: Fully disable the .recently-used.xbel.
 * Bug 22814: Revert the upstream fix by default.
 * Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.

Changes in version 0.0.13 - 2017-09-13:
 * Bug 13170: Disable the rest of the Firefox experiments botnet prefs.
+3 −1
@@ -36,6 +36,8 @@ FUTEX_WAKE_OP_PRIVATE=FUTEX_WAKE_OP | FUTEX_PRIVATE_FLAG
#FUTEX_UNLOCK_PI_PRIVATE=FUTEX_UNLOCK_PI | FUTEX_PRIVATE_FLAG
FUTEX_WAIT_BITSET_PRIVATE=FUTEX_WAIT_BITSET | FUTEX_PRIVATE_FLAG

PR_SET_NO_NEW_PRIVS=38

#
# System calls allowed unconditionally without argument filtering.
#
@@ -192,7 +194,7 @@ wait4: 1
futex: arg1 == FUTEX_CMP_REQUEUE_PRIVATE || arg1 == FUTEX_WAIT || arg1 == FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME || arg1 == FUTEX_WAIT_PRIVATE || arg1 == FUTEX_WAKE || arg1 == FUTEX_WAKE_OP_PRIVATE || arg1 == FUTEX_WAKE_PRIVATE || arg1 == FUTEX_WAIT_BITSET_PRIVATE
madvise: arg2 == MADV_NORMAL || arg2 == MADV_DONTNEED || arg2 == MADV_FREE
ioctl: arg1 == FIONREAD || arg1 == TCGETS || arg1 == TIOCGPGRP
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME || arg0 == PR_GET_TIMERSLACK || arg0 == PR_SET_SECCOMP
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME || arg0 == PR_GET_TIMERSLACK || arg0 == PR_SET_SECCOMP || arg0 == PR_SET_NO_NEW_PRIVS
socket: arg0 == AF_UNIX

# Calls that other people think we should have but we deny:
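Review bot: The new `PR_SET_NO_NEW_PRIVS=38` definition and the widened `prctl:` rule have no comment saying why this operation is safe to add to a whitelist, and the commit message is itself unsure about the cause of the crash. I would record the reasoning next to the constant, e.g. `# PR_SET_NO_NEW_PRIVS (38 in linux/prctl.h): one-way flag that only removes the ability to gain privileges across execve; tabs in 7.5a5 crash without it (Bug 23692).` The rule matches on arg0 alone, which looks acceptable here because the kernel returns EINVAL unless the value argument is 1 and the remaining arguments are 0. Saying so in the comment would explain the missing argument filter to the next person auditing the `prctl` line.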