Commit b7d9f546 authored by Jed Davis, committed by Georg Koppen

Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd

This applies only to content processes, where we already allow getrlimit
(but not setrlimit).  The rule added here does not allow using prlimit64
to set any resource limits or interact with any other process.

MozReview-Commit-ID: nMry3t6QPj

--HG--
extra : rebase_source : ecf792077a672ab1f2c5edf9fbeb915a0d8dd30e
parent 8332cc21
+12 −0
@@ -735,6 +735,18 @@ public:
    CASES_FOR_getresgid:
      return Allow();

    case __NR_prlimit64: {
      // Allow only the getrlimit() use case.  (glibc seems to use
      // only pid 0 to indicate the current process; pid == getpid()
      // is equivalent and could also be allowed if needed.)
      Arg<pid_t> pid(0);
      // This is really a const struct ::rlimit*, but Arg<> doesn't
      // work with pointers, only integer types.
      Arg<uintptr_t> new_limit(2);
      return If(AllOf(pid == 0, new_limit == 0), Allow())
        .Else(InvalidSyscall());
    }

    case __NR_umask:
    case __NR_kill:
    case __NR_wait4:
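
Review bot: In the `__NR_prlimit64` case, the rejected branch `.Else(InvalidSyscall())` is undocumented. The comment explains why pid 0 and a zero `new_limit` are allowed, but not what a caller gets when it passes a non-null `new_limit` or its own pid from getpid(), which the comment itself calls equivalent. Please add a line saying that `new_limit == 0` is the null-pointer check that keeps this path read-only (the getrlimit-equivalent subset named in the commit message), and state what the failure mode is for the other cases. The change as shown (+12 −0) carries no test. A sandbox test that calls prlimit64 with pid 0 and a null new_limit, then again with a non-null new_limit and with a non-zero pid, would pin down both branches of the `If(AllOf(...))`.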