[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [sandboxed-tor-browser/master] Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [sandboxed-tor-browser/master] Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.
From: yawning@xxxxxxxxxxxxxx
Date: Fri, 29 Sep 2017 03:00:35 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Sep 2017 23:00:46 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit f670368e5c12ad18fc7383fbbd8c75dfaa5ee768
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date:   Fri Sep 29 02:57:42 2017 +0000

    Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.
    
    Apparently tabs crash without this in 7.5a5, and according to the report
    this is the first thing it complains about before crashing deep in IPC
    land.
    
    At a minimum this shuts the error up, and a fresh install appears to
    work...
---
 ChangeLog                     | 1 +
 data/torbrowser-amd64.seccomp | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 936f9fc..735192c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 Changes in version 0.0.14 - UNRELEASED:
  * Bug 8706: Fully disable the .recently-used.xbel.
  * Bug 22814: Revert the upstream fix by default.
+ * Bug 23692: Add PR_SET_NO_NEW_PRIVS as an allowed prctl() operation.
 
 Changes in version 0.0.13 - 2017-09-13:
  * Bug 13170: Disable the rest of the Firefox experiments botnet prefs.
diff --git a/data/torbrowser-amd64.seccomp b/data/torbrowser-amd64.seccomp
index 17be3d7..9dfc97a 100644
--- a/data/torbrowser-amd64.seccomp
+++ b/data/torbrowser-amd64.seccomp
@@ -36,6 +36,8 @@ FUTEX_WAKE_OP_PRIVATE=FUTEX_WAKE_OP | FUTEX_PRIVATE_FLAG
 #FUTEX_UNLOCK_PI_PRIVATE=FUTEX_UNLOCK_PI | FUTEX_PRIVATE_FLAG
 FUTEX_WAIT_BITSET_PRIVATE=FUTEX_WAIT_BITSET | FUTEX_PRIVATE_FLAG
 
+PR_SET_NO_NEW_PRIVS=38
+
 #
 # System calls allowed unconditionally without argument filtering.
 #
@@ -192,7 +194,7 @@ wait4: 1
 futex: arg1 == FUTEX_CMP_REQUEUE_PRIVATE || arg1 == FUTEX_WAIT || arg1 == FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME || arg1 == FUTEX_WAIT_PRIVATE || arg1 == FUTEX_WAKE || arg1 == FUTEX_WAKE_OP_PRIVATE || arg1 == FUTEX_WAKE_PRIVATE || arg1 == FUTEX_WAIT_BITSET_PRIVATE
 madvise: arg2 == MADV_NORMAL || arg2 == MADV_DONTNEED || arg2 == MADV_FREE
 ioctl: arg1 == FIONREAD || arg1 == TCGETS || arg1 == TIOCGPGRP
-prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME || arg0 == PR_GET_TIMERSLACK || arg0 == PR_SET_SECCOMP
+prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME || arg0 == PR_GET_TIMERSLACK || arg0 == PR_SET_SECCOMP || arg0 == PR_SET_NO_NEW_PRIVS
 socket: arg0 == AF_UNIX
 
 # Calls that other people think we should have but we deny:

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [sandboxed-tor-browser/master] Update the stub's comment blurb. (No functional changes)
Previous by thread: [tor-commits] [webwml/master] Add new Tor Browser version: 7.5a5
Next by thread: [tor-commits] [webwml/master] do another mirror run
Index(es):
- Author
- Thread