
Unified Diff: components/nacl/loader/nonsfi/nonsfi_sandbox.cc

Issue 247563004: Non-SFI NaCl: Disallow mmap with PROT_EXEC (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address comments Created 6 years, 8 months ago
Index: components/nacl/loader/nonsfi/nonsfi_sandbox.cc
diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
index a58ba840b73991c29485556968f9845b3045d82f..121a299cd7a3d4ee8ec09e70dec38ae51e416dd1 100644
--- a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc
@@ -110,11 +110,11 @@ ErrorCode RestrictSocketcall(SandboxBPF* sb) {
}
#endif
-ErrorCode RestrictMemoryProtection(SandboxBPF* sb, int argno) {
- // TODO(jln, keescook, drewry): Limit the use of mmap/mprotect by
- // adding some features to linux kernel.
+ErrorCode RestrictMprotect(SandboxBPF* sb) {
+ // TODO(jln, keescook, drewry): Limit the use of mprotect by adding
+ // some features to linux kernel.
const uint32_t denied_mask = ~(PROT_READ | PROT_WRITE | PROT_EXEC);
- return sb->Cond(argno, ErrorCode::TP_32BIT,
+ return sb->Cond(2, ErrorCode::TP_32BIT,
ErrorCode::OP_HAS_ANY_BITS,
denied_mask,
sb->Trap(sandbox::CrashSIGSYS_Handler, NULL),
@@ -124,12 +124,19 @@ ErrorCode RestrictMemoryProtection(SandboxBPF* sb, int argno) {
ErrorCode RestrictMmap(SandboxBPF* sb) {
const uint32_t denied_flag_mask = ~(MAP_SHARED | MAP_PRIVATE |
MAP_ANONYMOUS | MAP_STACK | MAP_FIXED);
- // TODO(hamaji): Disallow RWX mmap.
+ // When PROT_EXEC is specified, IRT mmap of Non-SFI NaCl helper
+ // calls mmap without PROT_EXEC and then add PROT_EXEC by mprotect,
Mark Seaborn 2014/04/26 00:26:01 "adds"
hamaji 2014/04/26 02:13:25 Done.
+ // so we do not need to allow PROT_EXEC in mmap.
+ const uint32_t denied_prot_mask = ~(PROT_READ | PROT_WRITE);
return sb->Cond(3, ErrorCode::TP_32BIT,
ErrorCode::OP_HAS_ANY_BITS,
denied_flag_mask,
- sb->Trap(sandbox::CrashSIGSYS_Handler, NULL),
- RestrictMemoryProtection(sb, 2));
+ sb->Trap(sandbox::CrashSIGSYS_Handler, NULL),
+ sb->Cond(2, ErrorCode::TP_32BIT,
+ ErrorCode::OP_HAS_ANY_BITS,
+ denied_prot_mask,
+ sb->Trap(sandbox::CrashSIGSYS_Handler, NULL),
+ ErrorCode(ErrorCode::ERR_ALLOWED)));
}
ErrorCode RestrictSocketpair(SandboxBPF* sb) {
@@ -267,7 +274,7 @@ ErrorCode NaClNonSfiBPFSandboxPolicy::EvaluateSyscallImpl(
#endif
return RestrictMmap(sb);
case __NR_mprotect:
- return RestrictMemoryProtection(sb, 2);
+ return RestrictMprotect(sb);
case __NR_prctl:
return RestrictPrctl(sb);
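Review bot: The new PROT_EXEC check in RestrictMmap closes only one route to executable memory: RestrictMprotect in the first hunk still permits PROT_EXEC, and PROT_WRITE|PROT_EXEC together (its `denied_mask` only rejects bits outside READ|WRITE|EXEC), so code inside the sandbox can mmap(PROT_READ|PROT_WRITE) and then mprotect the region to RX or RWX — the same sequence the comment says the IRT helper relies on. The comment above `denied_prot_mask` should make that explicit so nobody reads this as a W^X guarantee, e.g. `// Not W^X: mprotect(PROT_EXEC) is still allowed (see RestrictMprotect); this only blocks mappings that are executable from the start.` The removed `TODO(hamaji): Disallow RWX mmap.` is resolved only for mmap, so consider carrying an equivalent TODO onto RestrictMprotect (whose body ends outside the first hunk) so the remaining RWX path is not forgotten. The test covering the PROT_EXEC-in-mmap rejection is presumably in the accompanying nonsfi_sandbox_unittest.cc change, which is not visible here.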
