Chromium Code Reviews

Issue 258073008: Linux sandbox: restrict *kill to the current process. (Closed)

Created:
6 years, 7 months ago by jln (very slow on Chromium)
Modified:
6 years, 7 months ago
CC:
chromium-reviews, agl, jln+watch_chromium.org
Visibility:
Public.

Description

Linux sandbox: restrict *kill to the current process.

Restrict tgkill(2) and kill(2) to the current process, forbid tkill.

BUG=367986
R=jorgelo@chromium.org

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=266926

Patch Set 1 #

Total comments: 8

Patch Set 2 : Address Jorge's remarks. #

Total comments: 2

Patch Set 3 : One nit disappeared :) #

Stats (+73 lines, -11 lines)
M sandbox/linux/seccomp-bpf-helpers/baseline_policy.h: 2 chunks, +5 lines, -2 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc: 7 chunks, +24 lines, -7 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h: 1 chunk, +3 lines, -0 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc: 2 chunks, +17 lines, -0 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h: 2 chunks, +7 lines, -0 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc: 1 chunk, +16 lines, -0 lines, 0 comments
M sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc: 1 chunk, +1 line, -2 lines, 0 comments

Messages

Total messages: 7 (0 generated)
jln (very slow on Chromium)
Jorge: PTAL!
6 years, 7 months ago (2014-04-29 01:40:53 UTC) #1
Jorge Lucangeli Obes
https://chromiumcodereview.appspot.com/258073008/diff/1/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
File sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc (right):

https://chromiumcodereview.appspot.com/258073008/diff/1/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc#newcode185
sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc:185: DCHECK_EQ(syscall(__NR_getpid), current_pid_);
This will call getpid() once per syscall ...
6 years, 7 months ago (2014-04-29 17:01:26 UTC) #2
jln (very slow on Chromium)
Thanks, PTAL!

https://chromiumcodereview.appspot.com/258073008/diff/1/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
File sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc (right):

https://chromiumcodereview.appspot.com/258073008/diff/1/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc#newcode185
sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc:185: DCHECK_EQ(syscall(__NR_getpid), current_pid_);
On 2014/04/29 17:01:26, Jorge Lucangeli ...
6 years, 7 months ago (2014-04-29 18:19:52 UTC) #3
Jorge Lucangeli Obes
https://chromiumcodereview.appspot.com/258073008/diff/20001/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
File sandbox/linux/seccomp-bpf-helpers/baseline_policy.h (right):

https://chromiumcodereview.appspot.com/258073008/diff/20001/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h#newcode27
sandbox/linux/seccomp-bpf-helpers/baseline_policy.h:27: // instanciated (so do not fork() and use it ...
6 years, 7 months ago (2014-04-29 18:23:43 UTC) #4
jln (very slow on Chromium)
https://chromiumcodereview.appspot.com/258073008/diff/20001/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
File sandbox/linux/seccomp-bpf-helpers/baseline_policy.h (right):

https://chromiumcodereview.appspot.com/258073008/diff/20001/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h#newcode27
sandbox/linux/seccomp-bpf-helpers/baseline_policy.h:27: // instanciated (so do not fork() and use it ...
6 years, 7 months ago (2014-04-29 18:26:03 UTC) #5
Jorge Lucangeli Obes
lgtm
6 years, 7 months ago (2014-04-29 18:28:39 UTC) #6
jln (very slow on Chromium)
6 years, 7 months ago (2014-04-29 18:43:56 UTC) #7
Message was sent while issue was closed.
Committed patchset #3 manually as r266926 (presubmit successful).
