Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 23461031: FileAPIMessageFilter Security: Minimal patch to fix permissions escalation. (Closed)

Created:
7 years, 3 months ago by tommycli
Modified:
7 years, 3 months ago
Reviewers:
Tom Sepez, teravest, kinuko
CC:
chromium-reviews, joi+watch-content_chromium.org, tzik+watch_chromium.org, kinuko+watch, jam, darin-cc_chromium.org, vandebo (ex-Chrome)
Visibility:
Public.

Description

FileAPIMessageFilter Security: Minimal patch to fix permissions escalation. Per vandebo's suggestion, this is a minimal fix to the security-hole meant for backporting/merging. https://codereview.chromium.org/23760004/ is the long-term fix. BUG=284792 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=222143

Patch Set 1 #

Patch Set 2 : #

Patch Set 3 : #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+15 lines, -12 lines) Patch
M content/browser/child_process_security_policy_impl.cc View 1 2 1 chunk +1 line, -0 lines 1 comment Download
M content/browser/fileapi/fileapi_message_filter.cc View 1 2 2 chunks +2 lines, -3 lines 0 comments Download
M webkit/browser/fileapi/file_permission_policy.h View 1 2 1 chunk +1 line, -1 line 0 comments Download
M webkit/browser/fileapi/file_permission_policy.cc View 1 2 1 chunk +11 lines, -8 lines 0 comments Download

Messages

Total messages: 10 (0 generated)
tommycli
7 years, 3 months ago (2013-09-05 22:03:18 UTC) #1
tommycli
Actually there's an issue with a test... hold off on reviewing this for a bit...
7 years, 3 months ago (2013-09-05 22:27:49 UTC) #2
tommycli
tsepez: Resolved the test issue. Ready for review. teravest: You may be able to answer ...
7 years, 3 months ago (2013-09-06 00:21:31 UTC) #3
teravest
Pepper supports PP_FILESYSTEMTYPE_LOCALPERSISTENT, which maps to fileapi::kFileSystemTypePersistent. On Thu, Sep 5, 2013 at 6:21 PM, ...
7 years, 3 months ago (2013-09-06 00:28:23 UTC) #4
tommycli
+kinuko
7 years, 3 months ago (2013-09-06 01:33:24 UTC) #5
kinuko
lgtm - could you cc me on the bug?
7 years, 3 months ago (2013-09-06 01:39:26 UTC) #6
tommycli
tsepez: Ping for OWNER review on minimal patch suitable for backporting.
7 years, 3 months ago (2013-09-09 20:54:05 UTC) #7
Tom Sepez
lgtm
7 years, 3 months ago (2013-09-09 20:58:26 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tommycli@chromium.org/23461031/4001
7 years, 3 months ago (2013-09-09 20:58:57 UTC) #9
commit-bot: I haz the power
7 years, 3 months ago (2013-09-10 00:10:12 UTC) #10
Message was sent while issue was closed. 
Change committed as 222143

Powered by Google App Engine
This is Rietveld 408576698