Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(106)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2458: Use the new dll injection blocking api of the sandbox to block... (Closed)

Created:
12 years, 3 months ago by cpu_(ooo_6.6-7.5)
Modified:
9 years, 7 months ago
CC:
chromium-reviews_googlegroups.com
Visibility:
Public.

Description

Use the new dll injection blocking api of the sandbox to block the loading of dlls that cause renderer crashes. - Remove the old FreeLibrary() method Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=2441

Patch Set 1 #

Patch Set 2 : '' #

Patch Set 3 : '' #

Patch Set 4 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats (+35 lines, -32 lines) Patch
M chrome/app/chrome_dll_main.cc View 4 chunks +0 lines, -29 lines 0 comments Download
M chrome/browser/render_process_host.cc View 1 chunk +5 lines, -0 lines 0 comments Download
M chrome/browser/sandbox_policy.h View 1 2 3 3 chunks +6 lines, -3 lines 0 comments Download
M chrome/browser/sandbox_policy.cc View 1 2 3 1 chunk +24 lines, -0 lines 0 comments Download

Messages

Total messages: 4 (0 generated)
cpu_(ooo_6.6-7.5)
12 years, 3 months ago (2008-09-15 21:52:41 UTC) #1
rvargas (doing something else)
lgtm http://codereview.chromium.org/2458/diff/407/608 File chrome/browser/sandbox_policy.cc (right): http://codereview.chromium.org/2458/diff/407/608#newcode110 Line 110: LOG(WARNING) << "dll to unload found: " ...
12 years, 3 months ago (2008-09-16 00:32:04 UTC) #2
amit
LGTM with comments. I think reading the list from external source is kind of tricky ...
12 years, 3 months ago (2008-09-16 15:07:07 UTC) #3
cpu_(ooo_6.6-7.5)
12 years, 3 months ago (2008-09-17 02:43:56 UTC) #4 
I have updated the code with the comments. 

I want to not implement a sandbox configuration file yet because of the
considerations outlined last year, namely we don't want people to change this by
themselves or we would need to make it way more sophisticated to be really
helpful. For example if somebody adds a rule, it must be preserved (merged with
new rules) when chrome upgrades.

I think the right time to do this with some planning is when we have a plan to
sandbox plugins. Right now a fixed list in the code supports our needs quite
well.

Another more interesting idea is not to have a config file but query our
servers. We sort of do this today for plug-ins.

Powered by Google App Engine
This is Rietveld 408576698