OoO In the middle of the starry night of Wednesday 16 November 2011, around 03:19, Jonathan Nieder <jrnie...@gmail.com> said:
>> All I know is that changing the source to say
>>
>>     if (nodb_init) {
>>       std::cerr << "about to call NSS_NoDB_Init(NULL)\n";
>>       status = NSS_NoDB_Init(NULL);
>>       std::cerr << "finished NSS_NoDB_Init(NULL)\n";
>>
>> causes the "about to call" line to be printed, but the "finished" line
>> not to.

> Weird.  It ends in here (mozilla/security/nss/lib/freebl/drbg.c):
>
> | static PRStatus rng_init(void)
> | {
> |     PRUint8            bytes[PRNG_SEEDLEN*2]; /* entropy + nonce */
> |     unsigned int       numBytes;
> |     fprintf(stderr, "not printed\n");                <--- not reached
> [...]
> | SECStatus
> | RNG_RNGInit(void)
> | {
> |     /* Allow only one call to initialize the context */
> |     fprintf(stderr, "about to call rng_init()\n");   <--- reached
> |     PR_CallOnce(&coRNGInit, rng_init);
> |     fprintf(stderr, "not printed\n");                <--- not reached
>
> Call chain:
>
> ... -> NSC_Initialize() -> nsc_CommonInitialize() ->
> loader.c::RNGInit() -> drbg.c::RNG_RNGInit()

I have tried to help too, but I don't have enough resources to compile
Chromium. I was thinking of modifying the setuid helper to not chroot nor
change its namespace. If the bug is still present in this configuration,
this would allow getting an appropriate core dump. In sandbox.c, I would
suppress the chdir(), chroot() and chdir() calls in SpawnChrootHelper(). I
would also replace MoveToNewNamespaces() by "return true;". Running with no
limit for core dumps would allow getting a core file. Maybe this will give
additional hints.
-- 
Vincent Bernat ☯ http://vincent.bernat.im

#define BB_STAT2_TMP_INTR 0x10 /* My Penguins are burning. Are you able to smell it? */
        2.2.16 /usr/src/linux/include/asm-sparc/obio.h
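The second half of the suggestion above (run the hanging process with no core size limit and pick up the core file) is easy to get wrong on Linux, because a raised soft limit is not the only thing that decides whether a core is written. The helper below is an added example; it is not part of the original mail, of Chromium's sandbox.c, or of NSS. It assumes Linux with /proc mounted, and the function names, the scratch directory and the test command are this example's own. Besides raising the limit it prints the two kernel knobs a practitioner should check first: kernel.core_pattern (a pattern starting with "|" hands the dump to a helper program instead of writing a file) and fs.suid_dumpable (when 0, the default, a process that changed credentials, which is exactly what a setuid sandbox helper and the child it spawns do, is not dumpable at all, so no file appears no matter what ulimit says).

```shell
#!/bin/sh
# Added example, not code from the original mail, Chromium or NSS.
# Assumes Linux with /proc; helper names and scratch dir are ours.

# Print the kernel settings that decide whether a core file appears at all.
#   core_pattern  : where the dump goes; a leading "|" means a pipe helper,
#                   so no "core" file will show up in the working directory
#   suid_dumpable : 0 (default) means processes that changed uid/gid, or
#                   that were started via a setuid binary, never dump
show_core_policy() {
    printf 'core_pattern : %s\n' \
        "$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo unknown)"
    printf 'suid_dumpable: %s\n' \
        "$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo unknown)"
}

# Run "$@" from a fresh scratch directory with an unlimited core size limit.
# Returns the command's exit status (128+N when it died from signal N) and
# reports any core file the kernel left next to it.
run_with_core() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # The hard limit may forbid raising the soft one (common inside
        # containers); warn, but still run the command so the exit status
        # tells us which signal killed it.
        ulimit -c unlimited 2>/dev/null \
            || echo "warning: cannot raise core limit (hard limit: $(ulimit -H -c))" >&2
        "$@"
    )
    rc=$?
    for core in "$dir"/core*; do
        # The glob stays literal when nothing matched, hence the -e guard.
        [ -e "$core" ] && echo "core file: $core ($(wc -c < "$core") bytes)"
    done
    echo "exit status: $rc"
    return "$rc"
}

# Stand-alone demo: an intentionally aborting child (constructed input),
# which the shell reports as 128 + SIGABRT = 134.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    show_core_policy
    run_with_core sh -c 'kill -ABRT $$'
fi
```

Run it as `RUN_DEMO=1 sh corehelper.sh` (file name is ours). If "exit status: 134" is printed but no core file is listed, look at the two policy lines first: with suid_dumpable at 0 the stripped-down sandbox helper still has to avoid any credential change on the path to the crash, or the process needs prctl(PR_SET_DUMPABLE, 1) after it drops privileges, before ulimit will matter.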