[Webkit-unassigned] [Bug 153235] [Linux] Seccomp filters: safely allocate all memory used by web process signal handler
bugzilla-daemon at webkit.org
Wed Feb 10 16:16:12 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=153235
Thiago Marcos P. Santos <tmpsantos at gmail.com> changed:
What | Removed | Added
-----|---------|----------------------
CC   |         | tmpsantos at gmail.com
--- Comment #1 from Thiago Marcos P. Santos <tmpsantos at gmail.com> ---
I think you can, because it is a synchronous signal. You have total control of when the thread will jump into the signal handler. Think of it like "open()" calling a wrapper before doing the actual "open()".
The problem would be if you have to handle a SIGSYS (or pretty much any other signal) not emitted by a seccomp fault and you allocate memory.
In this case your program could be preempted on any state, including in the middle of a memory allocation.
This premise is the reason why the whole thing works in the first place.
The problem I see would be if you call "malloc()" and malloc does some funny stuff and ultimately calls a function that triggers a SIGSYS before returning. In this case things will go wrong because malloc data structures could be in a fragile state, but I suppose memory allocators will only do "brk()" and anonymous "mmap()" and you are not catching these.