Overview

File chromium-glibc-2.34.patch of Package chromium.openSUSE_Backports_SLE-15-SP3_Update

From 218438259dd795456f0a48f67cbe5b4e520db88b Mon Sep 17 00:00:00 2001
From: Matthew Denton <mpdenton@chromium.org>
Date: Thu, 3 Jun 2021 20:06:13 +0000
Subject: [PATCH] Linux sandbox: return ENOSYS for clone3

Because clone3 uses a pointer argument rather than a flags argument, we
cannot examine the contents with seccomp, which is essential to
preventing sandboxed processes from starting other processes. So, we
won't be able to support clone3 in Chromium. This CL modifies the
BPF policy to return ENOSYS for clone3 so glibc always uses the fallback
to clone.

Bug: 1213452
Change-Id: I7c7c585a319e0264eac5b1ebee1a45be2d782303
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2936184
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#888980}
---
 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 05c39f0f564e3..086c56a2be461 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -178,6 +178,14 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
     return RestrictCloneToThreadsAndEPERMFork();
   }
 
+  // clone3 takes a pointer argument which we cannot examine, so return ENOSYS
+  // to force the libc to use clone. See https://crbug.com/1213452.
+  #if defined(__NR_clone3)
+      if (sysno == __NR_clone3) {
+        return Error(ENOSYS);
+      }
+  #endif
+
   if (sysno == __NR_fcntl)
     return RestrictFcntlCommands();
 
diff -up chromium-92.0.4515.107/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc.sigstkszfix chromium-92.0.4515.107/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc
diff -up chromium-92.0.4515.107/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc.sigstkszfix chromium-92.0.4515.107/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc
--- chromium-92.0.4515.107/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc.sigstkszfix	2021-07-19 14:47:20.000000000 -0400
+++ chromium-92.0.4515.107/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc	2021-07-26 17:28:50.155924005 -0400
@@ -138,7 +139,11 @@
   // SIGSTKSZ may be too small to prevent the signal handlers from overrunning
   // the alternative stack. Ensure that the size of the alternative stack is
   // large enough.
-  static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ);
+  #if __GLIBC_PREREQ(2, 34)
+      static const unsigned kSigStackSize = std::max(static_cast<long>(16384), SIGSTKSZ);
+  #else
+      static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ);
+  #endif

   // Only set an alternative stack if there isn't already one, or if the current
   // one is too small.
openSUSE Build Service is sponsored by
Places