OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
73 | 73 |
74 // Limit the address space of the current process (and its children). | 74 // Limit the address space of the current process (and its children). |
75 // to make some vulnerabilities harder to exploit. | 75 // to make some vulnerabilities harder to exploit. |
76 bool LimitAddressSpace(const std::string& process_type); | 76 bool LimitAddressSpace(const std::string& process_type); |
77 | 77 |
78 private: | 78 private: |
79 friend struct DefaultSingletonTraits<LinuxSandbox>; | 79 friend struct DefaultSingletonTraits<LinuxSandbox>; |
80 | 80 |
81 // We must have been pre_initialized_ before using this. | 81 // We must have been pre_initialized_ before using this. |
82 bool seccomp_bpf_supported() const; | 82 bool seccomp_bpf_supported() const; |
| 83 // Returns true if it can be determined that the current process has open |
| 84 // directories that are not managed by the LinuxSandbox class. This would |
| 85 // be a vulnerability as it would allow to bypass the setuid sandbox. |
| 86 bool HasOpenDirectories(); |
83 // The last part of the initialization is to make sure any temporary "hole" | 87 // The last part of the initialization is to make sure any temporary "hole" |
84 // in the sandbox is closed. For now, this consists of closing proc_fd_. | 88 // in the sandbox is closed. For now, this consists of closing proc_fd_. |
85 void SealSandbox(); | 89 void SealSandbox(); |
86 | 90 |
87 // A file descriptor to /proc. It's dangerous to have it around as it could | 91 // A file descriptor to /proc. It's dangerous to have it around as it could |
88 // allow for sandbox bypasses. It needs to be closed before we consider | 92 // allow for sandbox bypasses. It needs to be closed before we consider |
89 // ourselves sandboxed. | 93 // ourselves sandboxed. |
90 int proc_fd_; | 94 int proc_fd_; |
91 bool seccomp_bpf_started_; | 95 bool seccomp_bpf_started_; |
92 // Did PreinitializeSandbox() run? | 96 // Did PreinitializeSandbox() run? |
93 bool pre_initialized_; | 97 bool pre_initialized_; |
94 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. | 98 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. |
95 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 99 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; |
96 | 100 |
97 ~LinuxSandbox(); | 101 ~LinuxSandbox(); |
98 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 102 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); |
99 }; | 103 }; |
100 | 104 |
101 } // namespace content | 105 } // namespace content |
102 | 106 |
103 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ | 107 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ |
104 | 108 |
OLD | NEW |