|
31 | 31 | #include <sys/prctl.h>
|
32 | 32 | #include <sys/ptrace.h>
|
33 | 33 | #include <sys/syscall.h>
|
| 34 | +#include <sys/socket.h> |
34 | 35 | #include <sys/time.h>
|
| 36 | +#include <sys/un.h> |
35 | 37 | #include <unistd.h>
|
36 | 38 |
|
37 | 39 | #include "mozilla/Array.h"
|
38 | 40 | #include "mozilla/Atomics.h"
|
| 41 | +#include "mozilla/PodOperations.h" |
39 | 42 | #include "mozilla/Range.h"
|
40 | 43 | #include "mozilla/SandboxInfo.h"
|
41 | 44 | #include "mozilla/Span.h"
|
@@ -527,6 +530,38 @@ static void SandboxLateInit() {
|
527 | 530 | }
|
528 | 531 |
|
529 | 532 | RunGlibcLazyInitializers();
|
| 533 | + |
| 534 | + const pid_t pid = getpid(); |
| 535 | + for (int fd = 0; fd < 4096; ++fd) { |
| 536 | + int domain; |
| 537 | + socklen_t len = static_cast<socklen_t>(sizeof(domain)); |
| 538 | + if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &domain, &len) != 0) { |
| 539 | + continue; |
| 540 | + } |
| 541 | + MOZ_RELEASE_ASSERT(static_cast<size_t>(len) == sizeof(domain)); |
| 542 | + if (domain != AF_UNIX) { |
| 543 | + SANDBOX_LOG_ERROR("[%d] fd %d: non-Unix domain %d", pid, fd, domain); |
| 544 | + continue; |
| 545 | + } |
| 546 | + struct sockaddr_un sun; |
| 547 | + PodZero(&sun); |
| 548 | + len = static_cast<socklen_t>(sizeof(sun)); |
| 549 | + if (getpeername(fd, reinterpret_cast<struct sockaddr*>(&sun), &len) != 0) { |
| 550 | + SANDBOX_LOG_ERROR("[%d] fd %d: Unix but getpeername failed: %s", pid, fd, |
| 551 | + strerror(errno)); |
| 552 | + continue; |
| 553 | + } |
| 554 | + // FIXME there's a ToC/ToU problem here. |
| 555 | + MOZ_ASSERT(static_cast<size_t>(len) >= sizeof(sa_family_t)); |
| 556 | + MOZ_ASSERT(sun.sun_family == AF_UNIX); |
| 557 | + if (static_cast<size_t>(len) == sizeof(sa_family_t)) { |
| 558 | + SANDBOX_LOG_ERROR("[%d] fd %d: Unix unnamed", pid, fd); |
| 559 | + } else if (sun.sun_path[0] != '\0') { |
| 560 | + SANDBOX_LOG_ERROR("[%d] fd %d: Unix named %s", pid, fd, sun.sun_path); |
| 561 | + } else { |
| 562 | + SANDBOX_LOG_ERROR("[%d] fd %d: Unix abstract (FIXME)", pid, fd); |
| 563 | + } |
| 564 | + } |
530 | 565 | }
|
531 | 566 |
|
532 | 567 | // Common code for sandbox startup.
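Review bot: The named-socket branch prints `sun.sun_path` with `%s`, but on Linux getpeername() can fill the whole of sun_path without a terminating NUL when it is given the full `sizeof(sun)`, so the log call can read past the struct; the PodZero only helps if at least one trailing byte is left untouched. Passing `len = static_cast<socklen_t>(sizeof(sun) - 1);` keeps the last byte zero, or the path can be printed with a `%.*s` bound derived from the returned `len`. The two checks on the returned address use `MOZ_ASSERT`, which I believe is compiled out of release builds, so a short or mismatched result is not rejected there, unlike the `MOZ_RELEASE_ASSERT` after getsockopt. The fixed `fd < 4096` bound also means descriptors above it are never inspected, which deserves a comment or a limit taken from RLIMIT_NOFILE. SandboxLateInit begins outside this hunk.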
|
|