Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(591)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Issue 2484393004: Linux Sandbox: Whitelist prlimit64 when used as getrlimit (Closed)
Patch Set: Linux Sandbox: Whitelist prlimit64 when used as getrlimit Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 43f633ed78e398654441e2c182b1614ce0176360..9f1261d4397fd074268bf7756c6e80091df45579 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -361,4 +361,9 @@ ResultExpr RestrictGetRandom() {
return If((flags & ~kGoodFlags) == 0, Allow()).Else(CrashSIGSYS());
}
+ResultExpr RestrictPrlimit64ToGetrlimit() {
+ const Arg<uintptr_t> new_limit(0);
+ return If(new_limit == 0, Allow()).Else(Error(EPERM));
Jorge Lucangeli Obes 2016/11/21 14:18:43 Should this also restrict |pid| to the process' PI
+}
+
} // namespace sandbox.
« no previous file with comments | « sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698