| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" | 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <linux/net.h> | 10 #include <linux/net.h> |
| 28 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6) | 28 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6) |
| 29 #endif | 29 #endif |
| 30 #endif | 30 #endif |
| 31 | 31 |
| 32 #if defined(__arm__) && !defined(MAP_STACK) | 32 #if defined(__arm__) && !defined(MAP_STACK) |
| 33 #define MAP_STACK 0x20000 // Daisy build environment has old headers. | 33 #define MAP_STACK 0x20000 // Daisy build environment has old headers. |
| 34 #endif | 34 #endif |
| 35 | 35 |
| 36 namespace { | 36 namespace { |
| 37 | 37 |
| 38 inline bool RunningOnASAN() { | |
| 39 #if defined(ADDRESS_SANITIZER) | |
| 40 return true; | |
| 41 #else | |
| 42 return false; | |
| 43 #endif | |
| 44 } | |
| 45 | |
| 46 inline bool IsArchitectureX86_64() { | 38 inline bool IsArchitectureX86_64() { |
| 47 #if defined(__x86_64__) | 39 #if defined(__x86_64__) |
| 48 return true; | 40 return true; |
| 49 #else | 41 #else |
| 50 return false; | 42 return false; |
| 51 #endif | 43 #endif |
| 52 } | 44 } |
| 53 | 45 |
| 54 inline bool IsArchitectureI386() { | 46 inline bool IsArchitectureI386() { |
| 55 #if defined(__i386__) | 47 #if defined(__i386__) |
| 56 return true; | 48 return true; |
| 57 #else | 49 #else |
| 58 return false; | 50 return false; |
| 59 #endif | 51 #endif |
| 60 } | 52 } |
| 61 | 53 |
| 62 } // namespace. | 54 } // namespace. |
| 63 | 55 |
| 64 namespace sandbox { | 56 namespace sandbox { |
| 65 | 57 |
| 66 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) { | 58 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) { |
| 67 // Glibc's pthread. | 59 // Glibc's pthread. |
| 68 // TODO(jln): fix this on ASAN. | 60 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 69 if (!RunningOnASAN()) { | 61 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | |
| 70 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 62 CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS | |
| 71 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | | 63 CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID, |
| 72 CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS | | 64 ErrorCode(ErrorCode::ERR_ALLOWED), |
| 73 CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID, | 65 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 74 ErrorCode(ErrorCode::ERR_ALLOWED), | 66 CLONE_PARENT_SETTID | SIGCHLD, |
| 75 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 67 ErrorCode(EPERM), |
| 76 CLONE_PARENT_SETTID | SIGCHLD, | 68 // ARM |
| 77 ErrorCode(EPERM), | 69 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 78 // ARM | 70 CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD, |
| 79 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 71 ErrorCode(EPERM), |
| 80 CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD, | 72 sandbox->Trap(SIGSYSCloneFailure, NULL)))); |
| 81 ErrorCode(EPERM), | |
| 82 sandbox->Trap(SIGSYSCloneFailure, NULL)))); | |
| 83 } else { | |
| 84 return ErrorCode(ErrorCode::ERR_ALLOWED); | |
| 85 } | |
| 86 } | 73 } |
| 87 | 74 |
| 88 ErrorCode RestrictPrctl(SandboxBPF* sandbox) { | 75 ErrorCode RestrictPrctl(SandboxBPF* sandbox) { |
| 89 // Will need to add seccomp compositing in the future. PR_SET_PTRACER is | 76 // Will need to add seccomp compositing in the future. PR_SET_PTRACER is |
| 90 // used by breakpad but not needed anymore. | 77 // used by breakpad but not needed anymore. |
| 91 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 78 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 92 PR_SET_NAME, ErrorCode(ErrorCode::ERR_ALLOWED), | 79 PR_SET_NAME, ErrorCode(ErrorCode::ERR_ALLOWED), |
| 93 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 80 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 94 PR_SET_DUMPABLE, ErrorCode(ErrorCode::ERR_ALLOWED), | 81 PR_SET_DUMPABLE, ErrorCode(ErrorCode::ERR_ALLOWED), |
| 95 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 82 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 206 SYS_SHUTDOWN, ErrorCode(ErrorCode::ERR_ALLOWED), | 193 SYS_SHUTDOWN, ErrorCode(ErrorCode::ERR_ALLOWED), |
| 207 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 194 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 208 SYS_SENDMSG, ErrorCode(ErrorCode::ERR_ALLOWED), | 195 SYS_SENDMSG, ErrorCode(ErrorCode::ERR_ALLOWED), |
| 209 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, | 196 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, |
| 210 SYS_RECVMSG, ErrorCode(ErrorCode::ERR_ALLOWED), | 197 SYS_RECVMSG, ErrorCode(ErrorCode::ERR_ALLOWED), |
| 211 ErrorCode(EPERM))))))))); | 198 ErrorCode(EPERM))))))))); |
| 212 } | 199 } |
| 213 #endif | 200 #endif |
| 214 | 201 |
| 215 ErrorCode RestrictKillTarget(pid_t target_pid, SandboxBPF* sandbox, int sysno) { | 202 ErrorCode RestrictKillTarget(pid_t target_pid, SandboxBPF* sandbox, int sysno) { |
| 216 if (!RunningOnASAN()) { | 203 switch (sysno) { |
| 217 switch (sysno) { | 204 case __NR_kill: |
| 218 case __NR_kill: | 205 case __NR_tgkill: |
| 219 case __NR_tgkill: | 206 return sandbox->Cond(0, |
| 220 return sandbox->Cond(0, | 207 ErrorCode::TP_32BIT, |
| 221 ErrorCode::TP_32BIT, | 208 ErrorCode::OP_EQUAL, |
| 222 ErrorCode::OP_EQUAL, | 209 target_pid, |
| 223 target_pid, | 210 ErrorCode(ErrorCode::ERR_ALLOWED), |
| 224 ErrorCode(ErrorCode::ERR_ALLOWED), | 211 sandbox->Trap(SIGSYSKillFailure, NULL)); |
| 225 sandbox->Trap(SIGSYSKillFailure, NULL)); | 212 case __NR_tkill: |
| 226 case __NR_tkill: | 213 return sandbox->Trap(SIGSYSKillFailure, NULL); |
| 227 return sandbox->Trap(SIGSYSKillFailure, NULL); | 214 default: |
| 228 default: | 215 NOTREACHED(); |
| 229 NOTREACHED(); | 216 return sandbox->Trap(CrashSIGSYS_Handler, NULL); |
| 230 return sandbox->Trap(CrashSIGSYS_Handler, NULL); | |
| 231 } | |
| 232 } else { | |
| 233 switch (sysno) { | |
| 234 case __NR_kill: | |
| 235 case __NR_tgkill: | |
| 236 case __NR_tkill: | |
| 237 // On ASAN, fork() is not properly denied. This could lead to the | |
| 238 // strange failures we're observing with this policy on ASAN. | |
| 239 // TODO(jln): fix this. | |
| 240 return ErrorCode(ErrorCode::ERR_ALLOWED); | |
| 241 default: | |
| 242 NOTREACHED(); | |
| 243 return sandbox->Trap(CrashSIGSYS_Handler, NULL); | |
| 244 } | |
| 245 } | 217 } |
| 246 } | 218 } |
| 247 | 219 |
| 248 } // namespace sandbox. | 220 } // namespace sandbox. |
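Review bot: The new bodies of RestrictCloneToThreadsAndEPERMFork (NEW lines 58–73) and RestrictKillTarget (NEW lines 202–218) drop the ASAN carve-out together with the TODO(jln) comments that explained it, but nothing left in the code records why ASAN builds can now be held to the exact-match clone flag set and the single allowed kill target, so a reader who hits a SIGSYSCloneFailure or SIGSYSKillFailure trap in an ASAN build has no pointer. Suggest a short comment at the top of RestrictCloneToThreadsAndEPERMFork, e.g. `// ASAN builds are no longer special-cased: any clone() flag set other than the glibc pthread one or the two fork variants below is trapped, so it fails loudly rather than being silently allowed.` Whether the runtime problem the removed comment described ("On ASAN, fork() is not properly denied") is actually resolved is not visible on this page and should be confirmed before landing, since the policy now crashes the process instead of allowing the call. Drive-by nit in the unchanged header region: `#include <fcntl.h>` appears twice (new file lines 8–9).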