author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-26 04:16:58 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-03-26 04:16:58 +0000 |
commit | 6c24cad279e3ddda5f7ec41dae5fc6df761e0d4b (patch) | |
tree | 9ef514f2ff6af7b7546bcd4aca9b06940fed4fa0 | |
parent | b55d24ae87d4f7287771d71c0d53346536dd0300 (diff) | |
Linux: do not associate SIGSYS with the StackDumpSignalHandler
On Linux, SIGSYS is reserved for the kernel's seccomp-bpf feature, so
don't set a handler for it before engaging the sandbox.
When we engage the sandbox we DLOG(FATAL) if there is an existing
signal handler for SIGSYS.
BUG=355453
NOTRY=true
Review URL: https://codereview.chromium.org/209323012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259471 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | base/debug/stack_trace_posix.cc | 4 | ||||
-rw-r--r-- | sandbox/linux/seccomp-bpf/trap.cc | 7 |
2 files changed, 9 insertions, 2 deletions
diff --git a/base/debug/stack_trace_posix.cc b/base/debug/stack_trace_posix.cc
index a7c1c6f..2d63a24 100644
--- a/base/debug/stack_trace_posix.cc
+++ b/base/debug/stack_trace_posix.cc
@@ -37,6 +37,7 @@
 #include "base/numerics/safe_conversions.h"
 #include "base/posix/eintr_wrapper.h"
 #include "base/strings/string_number_conversions.h"
+#include "build/build_config.h"
 #if defined(USE_SYMBOLIZE)
 #include "base/third_party/symbolize/symbolize.h"
@@ -725,7 +726,10 @@ bool EnableInProcessStackDumping() {
 success &= (sigaction(SIGFPE, &action, NULL) == 0);
 success &= (sigaction(SIGBUS, &action, NULL) == 0);
 success &= (sigaction(SIGSEGV, &action, NULL) == 0);
+// On Linux, SIGSYS is reserved by the kernel for seccomp-bpf sandboxing.
+#if !defined(OS_LINUX)
 success &= (sigaction(SIGSYS, &action, NULL) == 0);
+#endif // !defined(OS_LINUX)
 return success;
 }
diff --git a/sandbox/linux/seccomp-bpf/trap.cc b/sandbox/linux/seccomp-bpf/trap.cc
index 553a904..f8b64c9 100644
--- a/sandbox/linux/seccomp-bpf/trap.cc
+++ b/sandbox/linux/seccomp-bpf/trap.cc
@@ -82,8 +82,11 @@ Trap::Trap()
 }
 if (!IsDefaultSignalAction(old_sa)) {
- // TODO(jln): make this FATAL, at least in DEBUG mode.
- LOG(ERROR) << "Existing signal handler when trying to install SIGSYS";
+ static const char kExistingSIGSYSMsg[] =
+ "Existing signal handler when trying to install SIGSYS. SIGSYS needs "
+ "to be reserved for seccomp-bpf.";
+ DLOG(FATAL) << kExistingSIGSYSMsg;
+ LOG(ERROR) << kExistingSIGSYSMsg;
 }
 // Unmask SIGSYS |
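Review bot: The `#if !defined(OS_LINUX)` guard around the SIGSYS `sigaction` call in base/debug/stack_trace_posix.cc only helps builds where OS_LINUX is defined, so any other POSIX target that also engages seccomp-bpf would still install the stack-dump handler and then trip the new `DLOG(FATAL)` in sandbox/linux/seccomp-bpf/trap.cc. Whether such a target exists depends on build/build_config.h, which is not shown on this page. The guard also means a SIGSYS raised in a Linux process that never engages the sandbox no longer produces a stack dump, and that trade-off deserves a line next to the code. I would extend the comment to something like `// On Linux, leave SIGSYS untouched so the seccomp-bpf sandbox can claim it; unsandboxed processes get no stack dump for SIGSYS.` EnableInProcessStackDumping() starts outside this hunk.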
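Review bot: In builds where `DLOG` is compiled out, the `if (!IsDefaultSignalAction(old_sa))` branch in sandbox/linux/seccomp-bpf/trap.cc still only logs and then continues to the `// Unmask SIGSYS` step, so a conflicting SIGSYS handler is detected but not enforced outside debug builds. That matches the commit description, but the `DLOG(FATAL)` / `LOG(ERROR)` pair reads like a duplicated log statement. A comment above the two statements such as `// Debug builds abort here; other builds only log and continue.` would make the intent explicit. The check appears to run once in the constructor, so it presumably cannot notice a handler installed over SIGSYS after the sandbox is engaged; that is worth confirming against the rest of the file. Trap::Trap() starts and ends outside this hunk.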