Diffstat (limited to 'executor/executor.cc')
| -rw-r--r-- | executor/executor.cc | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/executor/executor.cc b/executor/executor.cc
index b42dba6ed..4d9ee9f26 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -7,6 +7,7 @@
 #include <fcntl.h>
 #include <grp.h>
 #include <limits.h>
+#include <linux/capability.h>
 #include <linux/futex.h>
 #include <linux/reboot.h>
 #include <pthread.h>
@@ -335,6 +336,22 @@ int sandbox(void* arg)
 	if (chdir("/"))
 		fail("chdir failed");
 
+	// Drop CAP_SYS_PTRACE so that test processes can't attach to parent processes.
+	// Previously it lead to hangs because the loop process stopped due to SIGSTOP.
+	// Note that a process can always ptrace its direct children, which is enough
+	// for testing purposes.
+	__user_cap_header_struct cap_hdr = {};
+	__user_cap_data_struct cap_data[2] = {};
+	cap_hdr.version = _LINUX_CAPABILITY_VERSION_3;
+	cap_hdr.pid = getpid();
+	if (syscall(SYS_capget, &cap_hdr, &cap_data))
+		fail("capget failed");
+	cap_data[0].effective &= ~(1 << CAP_SYS_PTRACE);
+	cap_data[0].permitted &= ~(1 << CAP_SYS_PTRACE);
+	cap_data[0].inheritable &= ~(1 << CAP_SYS_PTRACE);
+	if (syscall(SYS_capset, &cap_hdr, &cap_data))
+		fail("capset failed");
+
 	loop();
 	exit(1);
 }
|
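Review bot: The capset call in the second hunk clears CAP_SYS_PTRACE only from the effective, permitted and inheritable sets, not from the capability bounding set, so a test process that execs a binary carrying file capabilities or a set-UID-root binary can regain it and attach to the parent again; dropping it from the bounding set first, `if (prctl(PR_CAPBSET_DROP, CAP_SYS_PTRACE, 0, 0, 0)) fail("prctl(PR_CAPBSET_DROP) failed");`, closes that path (this presumes <sys/prctl.h> is already included elsewhere in the file). The three mask lines index `cap_data[0]` with `1 << CAP_SYS_PTRACE`, which is only right because CAP_SYS_PTRACE is below 32; writing them as `cap_data[CAP_TO_INDEX(CAP_SYS_PTRACE)].effective &= ~CAP_TO_MASK(CAP_SYS_PTRACE);` (and likewise for permitted and inheritable) uses the helpers from the newly included <linux/capability.h> and makes the invariant explicit. Both syscall lines pass `&cap_data`, a pointer to the whole array, where the kernel expects a `cap_user_data_t`; it works because the addresses coincide, but `cap_data` is the argument meant. The comment also says "it lead to hangs" where "it led to hangs" is intended. sandbox() begins before this hunk, as the hunk header shows.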
