Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/sandbox_linux.h

Issue 24055003: add a LinuxSandbox::HasOpenDirectories() sanity check (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: leave TODO Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/common/sandbox_linux.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_linux.h
diff --git a/content/common/sandbox_linux.h b/content/common/sandbox_linux.h
index 412c04ab20bdf1915974443370025d853579ed9b..2cf105fadf98b251e3debbbda386dec54c15ad2e 100644
--- a/content/common/sandbox_linux.h
+++ b/content/common/sandbox_linux.h
@@ -80,6 +80,10 @@ class LinuxSandbox {
// We must have been pre_initialized_ before using this.
bool seccomp_bpf_supported() const;
+ // Returns true if it can be determined that the current process has open
+ // directories that are not managed by the LinuxSandbox class. This would
+ // be a vulnerability as it would allow to bypass the setuid sandbox.
+ bool HasOpenDirectories();
// The last part of the initialization is to make sure any temporary "hole"
// in the sandbox is closed. For now, this consists of closing proc_fd_.
void SealSandbox();
« no previous file with comments | « no previous file | content/common/sandbox_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698