diff options
author | Mike Frysinger <vapier@gentoo.org> | 2021-10-21 12:16:55 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2021-10-21 12:16:55 -0400 |
commit | 44ca5fb71633b9199971299268e34baa36de3d93 (patch) | |
tree | bb7d9bc29e9b8fb9f0bf76388c67c8f482d80726 | |
parent | libsandbox: switch tracing from signal handler to waitpid (diff) | |
download | sandbox-44ca5fb71633b9199971299268e34baa36de3d93.tar.gz sandbox-44ca5fb71633b9199971299268e34baa36de3d93.tar.bz2 sandbox-44ca5fb71633b9199971299268e34baa36de3d93.zip |
libsandbox: enable exitkill containmentv2.26
If the ptrace code crashes/aborts for any reason, don't let the tracee
leak out. No one will be expecting this, and it could lead to zombie
processes hanging around.
This option is new to Linux 3.8. We could code this so that it would
fallback automatically to older versions of Linux, but with 3.8 being
released in 2013, doesn't seem like we need to support anyone that old.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | libsandbox/trace.c | 7 |
2 files changed, 7 insertions, 2 deletions
@@ -72,6 +72,6 @@ It requires: * s390 (32-bit & 64-bit) * x86 (32-bit & 64-bit & x32) * Operating system - * [Linux](https://kernel.org/) 2.6.20+ + * [Linux](https://kernel.org/) 3.8+ * C library * They all should work! diff --git a/libsandbox/trace.c b/libsandbox/trace.c index 8394b71..4d145a3 100644 --- a/libsandbox/trace.c +++ b/libsandbox/trace.c @@ -507,7 +507,12 @@ void trace_main(const char *filename, char *const argv[]) sb_debug("parent waiting for child (pid=%i) to signal", trace_pid); waitpid(trace_pid, NULL, 0); do_ptrace(PTRACE_SETOPTIONS, NULL, - (void *)(PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC | PTRACE_O_TRACEEXIT)); + (void *)(uintptr_t)( + PTRACE_O_EXITKILL | + PTRACE_O_TRACEEXEC | + PTRACE_O_TRACEEXIT | + PTRACE_O_TRACESYSGOOD + )); sb_close_all_fds(); trace_loop(); sb_ebort("ISE: child should have quit, as should we\n"); |