From mboxrd@z Thu Jan 1 00:00:00 1970
From: Florian Weimer
To: Gian-Carlo Pascutto
Cc: Szabolcs Nagy, mathieu.desnoyers@efficios.com, libc-alpha@sourceware.org, Christian Brauner, Jed Davis, Emilio Cobos Álvarez, Rich Felker
Subject: Re: glibc 2.32 rseq support incompatible with Firefox sandbox
References: <87pn94688t.fsf@oldenburg2.str.redhat.com> <20200709163407.GB26482@arm.com>
Date: Thu, 09 Jul 2020 20:15:49 +0200
In-Reply-To: (Gian-Carlo Pascutto's message of "Thu, 9 Jul 2020 20:10:10 +0200")
Message-ID: <87d0545zca.fsf@oldenburg2.str.redhat.com>

* Gian-Carlo Pascutto:

> If all we need to do here is allow rseq, then it's not really a
> problem. If it's a more fundamental issue with the signal blocking,
> we'll need to figure out a workaround until sandboxed browsers can add
> support for and add the entirely new seccomp implementation.

rseq and rt_sigprocmask are the only new system calls after clone in
glibc 2.32.  rt_sigprocmask should be fine, so only rseq needs to be
permitted.

It would be best not to deny rseq on specific threads if it has
already succeeded on the main thread.

Thanks,
Florian
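
Added example, not part of the message above and not Firefox or glibc code: a seccomp-BPF allow-list fragment that permits rseq and rt_sigprocmask for every thread, with a small user-space evaluator so the verdicts can be checked without installing the filter. The two-entry allow-list, the ENOSYS default action and the names `policy` and `verdict` are assumptions made for illustration.

```c
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>

/* Hypothetical allow-list fragment (assumption, not a real sandbox policy):
   permits the two calls the message names; everything else gets ENOSYS.
   No rule depends on the calling thread, so rseq is allowed on all threads.
   A production filter also validates seccomp_data.arch first. */
static const struct sock_filter policy[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_rseq, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_rt_sigprocmask, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define POLICY_LEN (sizeof policy / sizeof policy[0])

/* Evaluate the filter in user space for syscall number nr. Handles only
   the three classic-BPF opcodes used in the policy above. */
static uint32_t verdict(const struct sock_filter *f, size_t n, int nr)
{
    struct seccomp_data d = { .nr = nr };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (f[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:   /* load 32-bit field at offset k */
            memcpy(&acc, (const char *)&d + f[pc].k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:  /* relative jump; the loop adds +1 */
            pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
            break;
        case BPF_RET | BPF_K:
            return f[pc].k;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;     /* fell off the end: deny */
}

int main(void)
{
    printf("rseq:              %#x\n", verdict(policy, POLICY_LEN, __NR_rseq));
    printf("getpid (unlisted): %#x\n", verdict(policy, POLICY_LEN, __NR_getpid));
    return 0;
}
```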