/**
 * SIGSYS handler for seccomp denials: logs the rejected system call with its
 * six argument registers, optionally writes a minidump, and then ends the
 * process.
 *
 * The handler returns without acting when the signal is not SIGSYS, when it
 * was not raised by seccomp (si_code != SYS_SECCOMP), or when no register
 * context was supplied.
 *
 * @param nr            signal number passed to the handler
 * @param info          siginfo for the signal; only si_code is read here
 * @param void_context  ucontext_t* describing the interrupted thread
 */
static void Reporter(int nr, siginfo_t *info, void *void_context) {
  ucontext_t *const uc = static_cast<ucontext_t*>(void_context);
  // Captured before anything else so the re-raise below targets this thread.
  const pid_t pid = getpid();
  const pid_t tid = syscall(__NR_gettid);

  // Short-circuit order matters: info is dereferenced only for SIGSYS, and
  // the context is checked before any register is read from it.
  if (nr != SIGSYS || info->si_code != SYS_SECCOMP || !uc) {
    return;
  }

  const unsigned long sysno = SECCOMP_SYSCALL(uc);
  const unsigned long arg[6] = {
    static_cast<unsigned long>(SECCOMP_PARM1(uc)),
    static_cast<unsigned long>(SECCOMP_PARM2(uc)),
    static_cast<unsigned long>(SECCOMP_PARM3(uc)),
    static_cast<unsigned long>(SECCOMP_PARM4(uc)),
    static_cast<unsigned long>(SECCOMP_PARM5(uc)),
    static_cast<unsigned long>(SECCOMP_PARM6(uc)),
  };

  // The arguments are logged as raw register values; pointer arguments are
  // not dereferenced here.
  LOG_ERROR("seccomp sandbox violation: pid %d, syscall %lu, args %lu %lu %lu"
            " %lu %lu %lu. Killing process.",
            pid, sysno, arg[0], arg[1], arg[2], arg[3], arg[4], arg[5]);

#ifdef MOZ_CRASHREPORTER
  if (!CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context)) {
    LOG_ERROR("Failed to write minidump");
  }
#endif

  // Kept last on purpose: if it crashes or deadlocks, the violation has
  // already been logged and the minidump attempted.
  SandboxLogJSStack();

  // Restore the default disposition and re-send the signal to this thread so
  // the parent observes a crash. If tgkill itself is filtered, seccomp raises
  // SIGSYS again, which has the same effect.
  // NOTE(review): if SIGSYS is still blocked while this handler runs, the
  // re-sent signal stays pending and _exit(127) is what ends the process;
  // confirm against the sigaction flags used at install time.
  signal(SIGSYS, SIG_DFL);
  syscall(__NR_tgkill, pid, tid, nr);
  _exit(127);
}
/**
 * Crash path for a sandbox violation: tries to write a minidump, falls back
 * to logging a native stack trace when that fails, logs the JS stack, and
 * then re-sends the signal to the current thread.
 *
 * @param nr            signal number to report and re-raise
 * @param info          siginfo forwarded to the crash reporter
 * @param void_context  signal context forwarded to the crash reporter
 */
static void SandboxCrash(int nr, siginfo_t *info, void *void_context) {
  // Captured first so the re-raise below targets exactly this thread.
  const pid_t pid = getpid();
  const pid_t tid = syscall(__NR_gettid);

  if (!CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context)) {
    SANDBOX_LOG_ERROR("crash reporter is disabled (or failed);"
                      " trying stack trace:");
    SandboxLogCStack();
  }

  // Kept last on purpose: if it crashes or deadlocks, the dump or the native
  // stack trace has already been produced.
  SandboxLogJSStack();

  // Restore the default SIGSYS disposition and re-send the signal so the
  // parent sees this process crash. If tgkill is filtered, seccomp raises
  // SIGSYS, which has the same effect.
  // NOTE(review): only SIGSYS is reset to SIG_DFL while the signal re-sent is
  // nr; the two agree only when this is invoked for SIGSYS. Confirm at the
  // call site.
  // NOTE(review): there is no _exit() after the re-raise, so if the signal is
  // not delivered immediately this function returns to its caller. Confirm
  // the caller does not resume the denied operation.
  signal(SIGSYS, SIG_DFL);
  syscall(__NR_tgkill, pid, tid, nr);
}
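/**
 * This is the SIGSYS handler function. It reports to the user which system
 * call has been denied by seccomp, and then makes the process exit: denying
 * the call and continuing would generally lead to unexpected behavior, since
 * we don't know whether every caller handles such a denial gracefully.
 *
 * With MOZ_GMP_SANDBOX, one denial is not fatal: a read-only open() of exactly
 * gMediaPluginFilePath is answered with the descriptor that was opened before
 * the sandbox started. The handler never opens anything by name itself, and
 * the descriptor is handed out once; any other open() is treated as a
 * violation.
 *
 * The handler returns without acting when the signal is not SIGSYS, was not
 * raised by seccomp (si_code != SYS_SECCOMP), or has no register context.
 *
 * @param nr            signal number passed to the handler
 * @param info          siginfo for the signal; si_code is read, and si_addr
 *                      is overwritten when MOZ_CRASHREPORTER is defined
 * @param void_context  ucontext_t* describing the interrupted thread
 *
 * @see InstallSyscallReporter() function.
 */
static void Reporter(int nr, siginfo_t *info, void *void_context) {
  ucontext_t *ctx = static_cast<ucontext_t*>(void_context);
  unsigned long syscall_nr, args[6];
  // Captured first so the re-raise at the end targets exactly this thread.
  pid_t pid = getpid(), tid = syscall(__NR_gettid);

  if (nr != SIGSYS) {
    return;
  }
  if (info->si_code != SYS_SECCOMP) {
    return;
  }
  if (!ctx) {
    return;
  }

  syscall_nr = SECCOMP_SYSCALL(ctx);
  args[0] = SECCOMP_PARM1(ctx);
  args[1] = SECCOMP_PARM2(ctx);
  args[2] = SECCOMP_PARM3(ctx);
  args[3] = SECCOMP_PARM4(ctx);
  args[4] = SECCOMP_PARM5(ctx);
  args[5] = SECCOMP_PARM6(ctx);

#ifdef MOZ_GMP_SANDBOX
  if (syscall_nr == __NR_open && gMediaPluginFilePath) {
    // args[0] is whatever the sandboxed code passed to open(); it is only
    // compared and logged, never used to open a file.
    const char *path = reinterpret_cast<const char*>(args[0]);
    int flags = int(args[1]);

    if (!path) {
      // A null path would fault inside strcmp()/"%s" below and hide the
      // violation behind a SIGSEGV raised from this handler. Report it and
      // fall through to the normal kill path instead.
      LOG_ERROR("open with null path attempted (flags=0%o)", flags);
    } else if ((flags & O_ACCMODE) != O_RDONLY) {
      LOG_ERROR("non-read-only open of file %s attempted (flags=0%o)",
                path, flags);
    } else if (strcmp(path, gMediaPluginFilePath) != 0) {
      // Exact string match only: any other spelling of the same file is
      // rejected, so this check fails closed.
      LOG_ERROR("attempt to open file %s which is not the media plugin %s",
                path, gMediaPluginFilePath);
    } else if (gMediaPluginFileDesc == -1) {
      LOG_ERROR("multiple opens of media plugin file unimplemented");
    } else {
      // Emulate a successful open(): place the pre-opened descriptor in the
      // syscall result register and resume the caller. Setting the global to
      // -1 makes the grant single-use.
      SECCOMP_RESULT(ctx) = gMediaPluginFileDesc;
      gMediaPluginFileDesc = -1;
      return;
    }
  }
#endif

  // The arguments are logged as raw register values.
  LOG_ERROR("seccomp sandbox violation: pid %d, syscall %lu, args %lu %lu %lu"
            " %lu %lu %lu. Killing process.", pid, syscall_nr,
            args[0], args[1], args[2], args[3], args[4], args[5]);

#ifdef MOZ_CRASHREPORTER
  // Bug 1017393: record syscall number somewhere useful.
  // This overwrites the siginfo in place, so from here on si_addr holds the
  // syscall number rather than an address.
  info->si_addr = reinterpret_cast<void*>(syscall_nr);
  bool dumped = CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context);
  if (!dumped) {
    LOG_ERROR("Failed to write minidump");
  }
#endif

  // Do this last, in case it crashes or deadlocks.
  SandboxLogJSStack();

  // Try to reraise, so the parent sees that this process crashed.
  // (If tgkill is forbidden, then seccomp will raise SIGSYS, which
  // also accomplishes that goal.)
  // NOTE(review): if SIGSYS is still blocked while this handler runs, the
  // re-sent signal stays pending and _exit(127) is what ends the process;
  // confirm against the flags used in InstallSyscallReporter().
  signal(SIGSYS, SIG_DFL);
  syscall(__NR_tgkill, pid, tid, nr);
  _exit(127);
}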