From 4a1a2dead9b382b4315eddbd06ddb1c83f1ccf5e Mon Sep 17 00:00:00 2001 From: Nicolas Lacasse Date: Wed, 24 Oct 2018 10:41:34 -0700 Subject: Run ptrace stubs in their own session and process group. Pseudoterminal job control signals are meant to be received and handled by the sandbox process, but if the ptrace stubs are running in the same process group, they will receive the signals as well and inject then into the sentry kernel. This can result in duplicate signals being delivered (often to the wrong process), or a sentry panic if the ptrace stub is inactive. This CL makes the ptrace stub run in a new session. PiperOrigin-RevId: 218536851 Change-Id: Ie593c5687439bbfbf690ada3b2197ea71ed60a0e --- pkg/sentry/platform/ptrace/subprocess_linux.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'pkg') diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go index 7523487e7..73ddc559b 100644 --- a/pkg/sentry/platform/ptrace/subprocess_linux.go +++ b/pkg/sentry/platform/ptrace/subprocess_linux.go @@ -222,14 +222,21 @@ func attachedThread(flags uintptr, defaultAction uint32) (*thread, error) { return t, nil } + // Move the stub to a new session (and thus a new process group). This + // prevents the stub from getting PTY job control signals intended only + // for the sentry process. We must call this before restoring signal + // mask. + if _, _, errno := syscall.RawSyscall(syscall.SYS_SETSID, 0, 0, 0); errno != 0 { + syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) + } + // afterForkInChild resets all signals to their default dispositions // and restores the signal mask to its pre-fork state. afterForkInChild() // Explicitly unmask all signals to ensure that the tracer can see // them. - errno = unmaskAllSignals() - if errno != 0 { + if errno := unmaskAllSignals(); errno != 0 { syscall.RawSyscall(syscall.SYS_EXIT, uintptr(errno), 0, 0) } -- cgit v1.2.3