Bug 946407 - Disable sandbox when DMDing. r=njn r=kang

See also bug 956961.
2024-09-13 09:24:08 -07:00 · 2014-03-04 18:27:14 -08:00 · 2014-03-04 18:27:14 -08:00 · f6ffcce7a8
commit f6ffcce7a8
parent 906a754859
1 changed files with 9 additions and 0 deletions
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@ -221,6 +221,15 @@ InstallSyscallReporter(void)
 static int
 InstallSyscallFilter(void)
 {
+#ifdef MOZ_DMD
+  char* e = PR_GetEnv("DMD");
+  if (e && strcmp(e, "") != 0 && strcmp(e, "0") != 0) {
+    LOG_ERROR("SANDBOX DISABLED FOR DMD!  See bug 956961.");
+    // Must treat this as "failure" in order to prevent infinite loop;
+    // cf. the PR_GET_SECCOMP check below.
+    return 1;
+  }
+#endif
  if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
    return 1;
  }