libsandbox: set syscall error rather than killing on violations - proj/sandbox.git

diff options

author	Mike Frysinger <vapier@gentoo.org>	2012-03-05 01:57:19 -0500
committer	Mike Frysinger <vapier@gentoo.org>	2012-03-06 14:00:33 -0500
commit	19c9819364989b4831917c880af9a977beb5ce83 (patch)
tree	773b8b330002e46e288d7ec198ca204118b5d929 /AUTHORS
parent	libsandbox: add likely/unlikely support (diff)
download	sandbox-19c9819364989b4831917c880af9a977beb5ce83.tar.gz sandbox-19c9819364989b4831917c880af9a977beb5ce83.tar.bz2 sandbox-19c9819364989b4831917c880af9a977beb5ce83.zip

libsandbox: set syscall error rather than killing on violations

If we kill the app, then the syscall that we flagged as a violation will complete, and our entire purpose has failed -- to prevent modifications to the protected paths. Instead, set the syscall number to an invalid one, continue the syscall, then set the syscall return value (which will become the errno) after the syscall finishes. This way the bad syscall isn't actually executed, and we let the app continue to run like normal. URL: http://bugs.gentoo.org/406543 Reported-by: Marijn Schouten <hkbst@gentoo.org> Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Diffstat (limited to 'AUTHORS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: