Skip to content

Commit 77bd2c1

Browse files
committed
Dump socket info before sandbox startup
1 parent be413c2 commit 77bd2c1

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

security/sandbox/linux/Sandbox.cpp

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,11 +31,14 @@
3131
#include <sys/prctl.h>
3232
#include <sys/ptrace.h>
3333
#include <sys/syscall.h>
34+
#include <sys/socket.h>
3435
#include <sys/time.h>
36+
#include <sys/un.h>
3537
#include <unistd.h>
3638

3739
#include "mozilla/Array.h"
3840
#include "mozilla/Atomics.h"
41+
#include "mozilla/PodOperations.h"
3942
#include "mozilla/Range.h"
4043
#include "mozilla/SandboxInfo.h"
4144
#include "mozilla/Span.h"
@@ -527,6 +530,38 @@ static void SandboxLateInit() {
527530
}
528531

529532
RunGlibcLazyInitializers();
533+
534+
const pid_t pid = getpid();
535+
for (int fd = 0; fd < 4096; ++fd) {
536+
int domain;
537+
socklen_t len = static_cast<socklen_t>(sizeof(domain));
538+
if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &domain, &len) != 0) {
539+
continue;
540+
}
541+
MOZ_RELEASE_ASSERT(static_cast<size_t>(len) == sizeof(domain));
542+
if (domain != AF_UNIX) {
543+
SANDBOX_LOG_ERROR("[%d] fd %d: non-Unix domain %d", pid, fd, domain);
544+
continue;
545+
}
546+
struct sockaddr_un sun;
547+
PodZero(&sun);
548+
len = static_cast<socklen_t>(sizeof(sun));
549+
if (getpeername(fd, reinterpret_cast<struct sockaddr*>(&sun), &len) != 0) {
550+
SANDBOX_LOG_ERROR("[%d] fd %d: Unix but getpeername failed: %s", pid, fd,
551+
strerror(errno));
552+
continue;
553+
}
554+
// FIXME there's a ToC/ToU problem here.
555+
MOZ_ASSERT(static_cast<size_t>(len) >= sizeof(sa_family_t));
556+
MOZ_ASSERT(sun.sun_family == AF_UNIX);
557+
if (static_cast<size_t>(len) == sizeof(sa_family_t)) {
558+
SANDBOX_LOG_ERROR("[%d] fd %d: Unix unnamed", pid, fd);
559+
} else if (sun.sun_path[0] != '\0') {
560+
SANDBOX_LOG_ERROR("[%d] fd %d: Unix named %s", pid, fd, sun.sun_path);
561+
} else {
562+
SANDBOX_LOG_ERROR("[%d] fd %d: Unix abstract (FIXME)", pid, fd);
563+
}
564+
}
530565
}
531566

532567
// Common code for sandbox startup.

0 commit comments

Comments
 (0)