Linux Sandbox: LOG error if a previous SIGSYS handler exists.

SIGSYS is a reserved signal on Linux for the seccomp-bpf sandbox. If a previous handler for SIGSYS exists, log an error. BUG=178166 R=markus@chromium.org Review URL: https://codereview.chromium.org/23960006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221539 0039d316-1c4b-4281-b951-d872f2087c98

Linux Sandbox: LOG error if a previous SIGSYS handler exists.
SIGSYS is a reserved signal on Linux for the seccomp-bpf sandbox. If a previous handler for SIGSYS exists, log an error. BUG=178166 R=markus@chromium.org Review URL: https://codereview.chromium.org/23960006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221539 0039d316-1c4b-4281-b951-d872f2087c98
3bbc0172 · jln@chromium.org · d537003d · 3bbc0172
Commit 3bbc0172 authored Sep 05, 2013 by jln@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 1 deletion

sandbox/linux/seccomp-bpf/trap.cc sandbox/linux/seccomp-bpf/trap.cc +15 -1

No files found.
--- a/sandbox/linux/seccomp-bpf/trap.cc
+++ b/sandbox/linux/seccomp-bpf/trap.cc
@@ -61,6 +61,14 @@ void SetIsInSigHandler() {
  }
 }
+bool IsDefaultSignalAction(const struct sigaction& sa) {
+  if (sa.sa_flags & SA_SIGINFO ||
+      sa.sa_handler != SIG_DFL) {
+    return false;
+  }
+  return true;
+}
 }  // namespace
 namespace playground2 {
@@ -74,10 +82,16 @@ Trap::Trap()
  struct sigaction sa = { };
  sa.sa_sigaction = SigSysAction;
  sa.sa_flags = SA_SIGINFO | SA_NODEFER;
-  if (sigaction(SIGSYS, &sa, NULL) < 0) {
+  struct sigaction old_sa;
+  if (sigaction(SIGSYS, &sa, &old_sa) < 0) {
    SANDBOX_DIE("Failed to configure SIGSYS handler");
  }
+  if (!IsDefaultSignalAction(old_sa)) {
+    // TODO(jln): make this FATAL, at least in DEBUG mode.
+    LOG(ERROR) << "Existing signal handler when trying to install SIGSYS";
+  }
  // Unmask SIGSYS
  sigset_t mask;
  if (sigemptyset(&mask) ||