Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(661)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/suid/common/suid_unsafe_environment_variables.h

Issue 14328030: Remove inline definition of SIZE_MAX in header. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This is a list of environment variables which the ELF loader unsets when 5 // This is a list of environment variables which the ELF loader unsets when
6 // loading a SUID binary. Because they are unset rather than just ignored, they 6 // loading a SUID binary. Because they are unset rather than just ignored, they
7 // aren't passed to child processes of SUID processes either. 7 // aren't passed to child processes of SUID processes either.
8 // 8 //
9 // We need to save these environment variables before running a SUID sandbox 9 // We need to save these environment variables before running a SUID sandbox
10 // and restore them before running child processes (but after dropping root). 10 // and restore them before running child processes (but after dropping root).
11 // 11 //
12 // List gathered from glibc sources (00ebd7ed58df389a78e41dece058048725cb585e): 12 // List gathered from glibc sources (00ebd7ed58df389a78e41dece058048725cb585e):
13 // sysdeps/unix/sysv/linux/i386/dl-librecon.h 13 // sysdeps/unix/sysv/linux/i386/dl-librecon.h
14 // sysdeps/generic/unsecvars.h 14 // sysdeps/generic/unsecvars.h
15 15
16 #ifndef SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ 16 #ifndef SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
17 #define SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ 17 #define SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
18 18
19 #if defined(__cplusplus) 19 #include <stdint.h>
20 #include <limits>
21 #define SIZE_MAX std::numeric_limits<size_t>::max()
22 #endif
23
24 #include <stdlib.h> // malloc 20 #include <stdlib.h> // malloc
25 #include <string.h> // memcpy 21 #include <string.h> // memcpy
26 22
27 static const char* kSUIDUnsafeEnvironmentVariables[] = { 23 static const char* kSUIDUnsafeEnvironmentVariables[] = {
28 "LD_AOUT_LIBRARY_PATH", 24 "LD_AOUT_LIBRARY_PATH",
29 "LD_AOUT_PRELOAD", 25 "LD_AOUT_PRELOAD",
30 "GCONV_PATH", 26 "GCONV_PATH",
31 "GETCONF_DIR", 27 "GETCONF_DIR",
32 "HOSTALIASES", 28 "HOSTALIASES",
33 "LD_AUDIT", 29 "LD_AUDIT",
(...skipping 15 matching lines...) Expand all
49 "RES_OPTIONS", 45 "RES_OPTIONS",
50 "TMPDIR", 46 "TMPDIR",
51 "TZDIR", 47 "TZDIR",
52 NULL, 48 NULL,
53 }; 49 };
54 50
55 // Return a malloc allocated string containing the 'saved' environment variable 51 // Return a malloc allocated string containing the 'saved' environment variable
56 // name for a given environment variable. 52 // name for a given environment variable.
57 static inline char* SandboxSavedEnvironmentVariable(const char* envvar) { 53 static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
58 const size_t envvar_len = strlen(envvar); 54 const size_t envvar_len = strlen(envvar);
55 const size_t kMaxSizeT = (size_t) -1;
59 56
60 if (envvar_len > SIZE_MAX - 1 -8) 57 if (envvar_len > kMaxSizeT - 1 -8)
61 return NULL; 58 return NULL;
62 59
63 const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ + 60 const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ +
64 8 /* strlen("SANDBOX_") */; 61 8 /* strlen("SANDBOX_") */;
65 char* const saved_envvar = (char*) malloc(saved_envvarlen); 62 char* const saved_envvar = (char*) malloc(saved_envvarlen);
66 if (!saved_envvar) 63 if (!saved_envvar)
67 return NULL; 64 return NULL;
68 65
69 memcpy(saved_envvar, "SANDBOX_", 8); 66 memcpy(saved_envvar, "SANDBOX_", 8);
70 memcpy(saved_envvar + 8, envvar, envvar_len); 67 memcpy(saved_envvar + 8, envvar, envvar_len);
71 saved_envvar[8 + envvar_len] = 0; 68 saved_envvar[8 + envvar_len] = 0;
72 69
73 return saved_envvar; 70 return saved_envvar;
74 } 71 }
75 72
76 #if defined(__cplusplus)
77 #undef SIZE_MAX
78 #endif
79
80 #endif // SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_ 73 #endif // SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698