| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ |
| 6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 73 | 73 |
| 74 // Limit the address space of the current process (and its children). | 74 // Limit the address space of the current process (and its children). |
| 75 // to make some vulnerabilities harder to exploit. | 75 // to make some vulnerabilities harder to exploit. |
| 76 bool LimitAddressSpace(const std::string& process_type); | 76 bool LimitAddressSpace(const std::string& process_type); |
| 77 | 77 |
| 78 private: | 78 private: |
| 79 friend struct DefaultSingletonTraits<LinuxSandbox>; | 79 friend struct DefaultSingletonTraits<LinuxSandbox>; |
| 80 | 80 |
| 81 // We must have been pre_initialized_ before using this. | 81 // We must have been pre_initialized_ before using this. |
| 82 bool seccomp_bpf_supported() const; | 82 bool seccomp_bpf_supported() const; |
| 83 // Returns true if it can be determined that the current process has open |
| 84 // directories that are not managed by the LinuxSandbox class. This would |
| 85 // be a vulnerability as it would allow to bypass the setuid sandbox. |
| 86 bool HasOpenDirectories() const; |
| 83 // The last part of the initialization is to make sure any temporary "hole" | 87 // The last part of the initialization is to make sure any temporary "hole" |
| 84 // in the sandbox is closed. For now, this consists of closing proc_fd_. | 88 // in the sandbox is closed. For now, this consists of closing proc_fd_. |
| 85 void SealSandbox(); | 89 void SealSandbox(); |
| 86 | 90 |
| 87 // A file descriptor to /proc. It's dangerous to have it around as it could | 91 // A file descriptor to /proc. It's dangerous to have it around as it could |
| 88 // allow for sandbox bypasses. It needs to be closed before we consider | 92 // allow for sandbox bypasses. It needs to be closed before we consider |
| 89 // ourselves sandboxed. | 93 // ourselves sandboxed. |
| 90 int proc_fd_; | 94 int proc_fd_; |
| 91 bool seccomp_bpf_started_; | 95 bool seccomp_bpf_started_; |
| 92 // Did PreinitializeSandbox() run? | 96 // Did PreinitializeSandbox() run? |
| 93 bool pre_initialized_; | 97 bool pre_initialized_; |
| 94 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. | 98 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. |
| 95 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 99 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; |
| 96 | 100 |
| 97 ~LinuxSandbox(); | 101 ~LinuxSandbox(); |
| 98 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 102 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); |
| 99 }; | 103 }; |
| 100 | 104 |
| 101 } // namespace content | 105 } // namespace content |
| 102 | 106 |
| 103 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ | 107 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ |
| 104 | 108 |
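Review bot: The comment on the new `HasOpenDirectories()` declaration (new lines 83-86) leaves open what the function returns when the check cannot be performed, and whether it has a precondition; since a false result presumably feeds a "safe to proceed" decision for the setuid sandbox, a caller has to know whether false means "no unmanaged directories" or merely "could not tell". The sibling `seccomp_bpf_supported()` just above documents its precondition ("We must have been pre_initialized_ before using this"), and this check likely depends on `proc_fd_` still being open (it is closed by `SealSandbox()`), so the same kind of note belongs here — to be confirmed against the definition. Suggested wording: `// Returns true if it can be determined that the current process has open directories that are not managed by the LinuxSandbox class; returns false both when none are found and when the check cannot be performed, so false is not proof of safety. Such directories would be a vulnerability, as they would allow bypassing the setuid sandbox. Must be called before SealSandbox() closes proc_fd_.` The enclosing class `LinuxSandbox` begins outside the hunk.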