This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Fallout from dlopen() blocking SIGSYS
* Jed Davis:
> Also, if Firefox needs to be SIGSYS-free before 2020-09-22, when the
> 68.x extended support branch ends, then we need to somehow find a
> “low-risk” way to implement this major change.
You could perhaps probe whether the sandbox works with only minimal
local content and disable it automatically if it does not.
> As for legacy support: normally we can't rely on new kernel features
> like that (even SECCOMP_FILTER_FLAG_TSYNC is still too new to use
> without a fallback), but in this case there would have to be an older
> kernel combined with a significantly newer glibc (whichever version
> eventually unrecoverably breaks the use of SIGSYS) to have problems,
> so this is hopefully an exception.
I hope that these new seccomp interfaces are available on those systems
which benefit of them most (where applications or glibc would use
clone3, for example).
Thanks,
Florian