Bug 1457092 - Disable codepaths forbidden by pledge() when being sandboxed on OpenBSD. r=froydnj

--HG-- extra : rebase_source : 49ef652c8c36ded2f18ed635b361250214eec55b
2018-08-22 05:29:00 -04:00 · 2018-08-22 05:29:00 -04:00 · 3870cf7d0c
commit 3870cf7d0c
parent 984eaf80dd
3 changed files with 16 additions and 0 deletions
--- a/widget/nsShmImage.cpp
+++ b/widget/nsShmImage.cpp
@ -67,6 +67,12 @@ nsShmImage::CreateShmSegment()
 {
  size_t size = SharedMemory::PageAlignedSize(mStride * mSize.height);

+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+  static mozilla::LazyLogModule sPledgeLog("SandboxPledge");
+  MOZ_LOG(sPledgeLog, mozilla::LogLevel::Debug,
+         ("%s called when pledged, returning false\n", __func__));
+  return false;
+#endif
  mShmId = shmget(IPC_PRIVATE, size, IPC_CREAT | 0600);
  if (mShmId == -1) {
    return false;
--- a/xpcom/base/nsDebugImpl.cpp
+++ b/xpcom/base/nsDebugImpl.cpp
@ -180,6 +180,10 @@ nsDebugImpl::GetIsDebuggerAttached(bool* aResult)
 {
  *aResult = false;

+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+  // no access to KERN_PROC_PID sysctl when pledge'd
+  return NS_OK;
+#endif
 #if defined(XP_WIN)
  *aResult = ::IsDebuggerPresent();
 #elif defined(XP_MACOSX) || defined(__DragonFly__) || defined(__FreeBSD__) \
--- a/xpcom/base/nsMemoryReporterManager.cpp
+++ b/xpcom/base/nsMemoryReporterManager.cpp
@ -193,6 +193,12 @@ SystemHeapSize(int64_t* aSizeOut)
 static MOZ_MUST_USE nsresult
 GetKinfoProcSelf(KINFO_PROC* aProc)
 {
+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+  static LazyLogModule sPledgeLog("SandboxPledge");
+  MOZ_LOG(sPledgeLog, LogLevel::Debug,
+         ("%s called when pledged, returning NS_ERROR_FAILURE\n", __func__));
+  return NS_ERROR_FAILURE;
+#endif
  int mib[] = {
    CTL_KERN,
    KERN_PROC,