Diffstat (limited to 'user/firefox-esr/seccomp-time64.patch')
-rw-r--r-- | user/firefox-esr/seccomp-time64.patch | 112 |
1 files changed, 0 insertions, 112 deletions
diff --git a/user/firefox-esr/seccomp-time64.patch b/user/firefox-esr/seccomp-time64.patch
deleted file mode 100644
index 72cc28b5d..000000000
--- a/user/firefox-esr/seccomp-time64.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-This drops the use of the chromium sandbox syscall headers which were
-defining syscall numbers if they were undefined. This masked the time64
-issue initially since while musl renamed several of the time32 syscall
-numbers to catch breakage like this, these headers were silently
-bringing them back. I did this by comparing the syscall numbers provided
-by the chromium and musl headers and redefining the generic names to
-their time64 counterparts.
-
-For gettimeofday and settimeofday there does not appear to be a time64
-counterpart so I have defined them as the time32 versions. For
-settimeofday this should not matter (the seccomp filter will block this
-by virture of not being on the whitelist - no content process needs to
-set the time anyway).
-
-It is not possible to entirely block the usage of time32 syscalls
-because musl uses them internally when it can or in fallback paths.
-
-I did not check the MIPS headers since we don't currently ship a MIPS
-port, so in the future those includes should be examined and dropped
-too...
-
---- firefox-68.8.0/security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h 2020-04-29 16:49:45.000000000 -0500
-+++ firefox-68.8.0/security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h 2020-05-20 03:09:47.369457646 -0500
-@@ -8,18 +8,7 @@
-
- #ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
- #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
--
--#if defined(__x86_64__)
--#include "sandbox/linux/system_headers/x86_64_linux_syscalls.h"
--#endif
--
--#if defined(__i386__)
--#include "sandbox/linux/system_headers/x86_32_linux_syscalls.h"
--#endif
--
--#if defined(__arm__) && defined(__ARM_EABI__)
--#include "sandbox/linux/system_headers/arm_linux_syscalls.h"
--#endif
-+#include <sys/syscall.h>
-
- #if defined(__mips__) && (_MIPS_SIM == _ABIO32)
- #include "sandbox/linux/system_headers/mips_linux_syscalls.h"
-@@ -33,5 +22,36 @@
- #include "sandbox/linux/system_headers/arm64_linux_syscalls.h"
- #endif
-
-+#if !defined(__NR_clock_getres) && defined(__NR_clock_getres_time64)
-+#define __NR_clock_getres __NR_clock_getres_time64
-+#endif
-+#if !defined(__NR_clock_gettime) && defined(__NR_clock_gettime64)
-+#define __NR_clock_gettime __NR_clock_gettime64
-+#endif
-+#if !defined(__NR_clock_nanosleep) && defined(__NR_clock_nanosleep_time64)
-+#define __NR_clock_nanosleep __NR_clock_nanosleep_time64
-+#endif
-+#if !defined(__NR_clock_settime) && defined(__NR_clock_settime64)
-+#define __NR_clock_settime __NR_clock_settime64
-+#endif
-+#if !defined(__NR_gettimeofday) && defined(__NR_gettimeofday_time32)
-+#define __NR_gettimeofday __NR_gettimeofday_time32
-+#endif
-+#if !defined(__NR_settimeofday) && defined(__NR_settimeofday_time32)
-+#define __NR_settimeofday __NR_settimeofday_time32
-+#endif
-+#if !defined(__NR_timer_gettime) && defined(__NR_timer_gettime64)
-+#define __NR_timer_gettime __NR_timer_gettime64
-+#endif
-+#if !defined(__NR_timer_settime) && defined(__NR_timer_settime64)
-+#define __NR_timer_settime __NR_timer_settime64
-+#endif
-+#if !defined(__NR_timerfd_gettime) && defined(__NR_timerfd_gettime64)
-+#define __NR_timerfd_gettime __NR_timerfd_gettime64
-+#endif
-+#if !defined(__NR_timerfd_settime) && defined(__NR_timerfd_settime64)
-+#define __NR_timerfd_settime __NR_timerfd_settime64
-+#endif
-+
- #endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
-
---- firefox-68.8.0/security/sandbox/linux/SandboxFilter.cpp 2020-04-29 16:49:45.000000000 -0500
-+++ firefox-68.8.0/security/sandbox/linux/SandboxFilter.cpp 2020-05-19 23:33:27.829642593 -0500
-@@ -478,6 +478,9 @@ class SandboxPolicyCommon : public Sandb
-
- // Thread synchronization
- case __NR_futex:
-+#ifdef __NR_futex_time64
-+ case __NR_futex_time64:
-+#endif
- // FIXME: This could be more restrictive....
- return Allow();
-
-@@ -488,6 +491,9 @@ class SandboxPolicyCommon : public Sandb
- case __NR_epoll_pwait:
- case __NR_epoll_ctl:
- case __NR_ppoll:
-+#ifdef __NR_ppoll_time64
-+ case __NR_ppoll_time64:
-+#endif
- case __NR_poll:
- return Allow();
-
-@@ -1017,6 +1023,9 @@ class ContentSandboxPolicy : public Sand
-
- CASES_FOR_select:
- case __NR_pselect6:
-+#ifdef __NR_pselect6_time64
-+ case __NR_pselect6_time64:
-+#endif
- return Allow();
-
- CASES_FOR_getdents: |