diff options
author | Nicolas Lacasse <nlacasse@google.com> | 2018-10-24 10:41:34 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-10-24 10:42:35 -0700 |
commit | 4a1a2dead9b382b4315eddbd06ddb1c83f1ccf5e (patch) | |
tree | 80bac57b32b472e99e18d87757b316121f3ff854 /pkg/sentry | |
parent | 46603b569c3ab20f45cf1b651d1fd3d2dda33243 (diff) |
Run ptrace stubs in their own session and process group.
Pseudoterminal job control signals are meant to be received and handled by the
sandbox process, but if the ptrace stubs are running in the same process group,
they will receive the signals as well and inject then into the sentry kernel.
This can result in duplicate signals being delivered (often to the wrong
process), or a sentry panic if the ptrace stub is inactive.
This CL makes the ptrace stub run in a new session.
PiperOrigin-RevId: 218536851
Change-Id: Ie593c5687439bbfbf690ada3b2197ea71ed60a0e
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/platform/ptrace/subprocess_linux.go | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go index 7523487e7..73ddc559b 100644 --- a/pkg/sentry/platform/ptrace/subprocess_linux.go +++ b/pkg/sentry/platform/ptrace/subprocess_linux.go @@ -222,14 +222,21 @@ func attachedThread(flags uintptr, defaultAction uint32) (*thread, error) { return t, nil } + // Move the stub to a new session (and thus a new process group). This + // prevents the stub from getting PTY job control signals intended only + // for the sentry process. We must call this before restoring signal + // mask. + if _, _, errno := syscall.RawSyscall(syscall.SYS_SETSID, 0, 0, 0); errno != 0 { + syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) + } + // afterForkInChild resets all signals to their default dispositions // and restores the signal mask to its pre-fork state. afterForkInChild() // Explicitly unmask all signals to ensure that the tracer can see // them. - errno = unmaskAllSignals() - if errno != 0 { + if errno := unmaskAllSignals(); errno != 0 { syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) } |