From 93817d892548db363431ebb7f31518df0d8582ec Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Fri, 9 Oct 2020 10:44:28 -0700
Subject: executor: set parent-death signal after changing user or group ID-s
The parent-death signal is set in sandbox_common, but then setresuid and setresgid clear it and we need to set it again.
Signed-off-by: Andrei Vagin
---
pkg/csource/generated.go | 2 ++
1 file changed, 2 insertions(+)
(limited to 'pkg/csource/generated.go')
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 2d3263b65..ff758df9b 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -7995,6 +7995,7 @@ static int do_sandbox_setuid(void) fail("failed to setresgid"); if (syscall(SYS_setresuid, nobody, nobody, nobody)) fail("failed to setresuid"); + prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); loop();
@@ -8762,6 +8763,7 @@ static int do_sandbox_android(void) if (setresuid(UNTRUSTED_APP_UID, UNTRUSTED_APP_UID, UNTRUSTED_APP_UID) != 0) fail("setresuid failed"); + prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); syz_setfilecon(".", SELINUX_LABEL_APP_DATA_FILE); syz_setcon(SELINUX_CONTEXT_UNTRUSTED_APP);
-- cgit mrf-deployment