Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(156)

Issue 2707763002: Fix unprivileged user namespace regression (Closed)

Created:
3 years, 10 months ago by Kevin Cernekee
Modified:
3 years, 8 months ago
CC:
chromium-reviews, tfarina, dcheng
Target Ref:
refs/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix unprivileged user namespace regression Prior to crrev.com/357c17552fb353ea9f3de6eca8a47b2d009067c8 ("Namespace sandbox: add check for unprivileged use of CLONE_NEWUSER") it was possible to run the entire browser inside an unprivileged user namespace. This is useful because it lets normal desktop users create separate network namespaces for different browser instances. It is often used to implement per-app VPN support on Linux[1], as an alternative to having the VPN tunnel all traffic for the entire system. Add a new check to differentiate the "bad" case of "Chrome running as global UID 0" from the "good" case of "Chrome running as UID 0 inside an unprivileged namespace." Also, add missing includes for std::move and geteuid(). [1] https://github.com/cernekee/ocproxy#vpnns-experimental BUG=638180 TEST=test by hand using vpnns Review-Url: https://codereview.chromium.org/2707763002 Cr-Commit-Position: refs/heads/master@{#463532} Committed: https://chromium.googlesource.com/chromium/src/+/7bc960609bc49b21be3240970b449cd1146af615

Patch Set 1 #

Total comments: 4

Patch Set 2 : incorporate code review feedback #

Total comments: 4

Patch Set 3 : incorporate code review feedback #

Unified diffs Side-by-side diffs Delta from patch set Stats (+13 lines, -0 lines) Patch
M chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc View 1 2 3 chunks +13 lines, -0 lines 0 comments Download

Messages

Total messages: 53 (27 generated)
Kevin Cernekee
Currently untested, would appreciate your feedback on the approach.
3 years, 10 months ago (2017-02-19 18:21:03 UTC) #4
Tom (Use chromium acct)
+mdempsky for security review https://codereview.chromium.org/2707763002/diff/1/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc File chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc (right): https://codereview.chromium.org/2707763002/diff/1/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc#newcode7 chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc:7: #if defined(OS_LINUX) Move ifdef'ed includes ...
3 years, 10 months ago (2017-02-19 19:16:06 UTC) #6
Kevin Cernekee
PTAL https://codereview.chromium.org/2707763002/diff/1/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc File chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc (right): https://codereview.chromium.org/2707763002/diff/1/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc#newcode7 chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc:7: #if defined(OS_LINUX) On 2017/02/19 19:16:06, Tom Anderson wrote: ...
3 years, 10 months ago (2017-02-19 19:33:46 UTC) #9
Tom (Use chromium acct)
pinging mdempsky@ for security review this lgtm from a style pov
3 years, 10 months ago (2017-02-23 03:34:23 UTC) #14
msw
I think I'll need to defer to another c/b/ui[/views] owner, and do encourage security review ...
3 years, 10 months ago (2017-02-23 18:43:38 UTC) #15
Kevin Cernekee
Friendly ping, could we please complete the security review? I have tested this CL locally ...
3 years, 9 months ago (2017-03-01 19:38:19 UTC) #17
dcheng
Deferring to jorgelo for this, since he knows a lot more about this
3 years, 9 months ago (2017-03-01 19:52:31 UTC) #19
Tom (Use chromium acct)
+jln for security review
3 years, 9 months ago (2017-03-01 19:55:50 UTC) #21
Kevin Cernekee
Hi, could we please wrap up the security review in time for the M59 branch? ...
3 years, 8 months ago (2017-04-10 03:05:19 UTC) #22
Jorge Lucangeli Obes
https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc File chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc (right): https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc#newcode87 chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc:87: // root directory will be owned by an unmapped ...
3 years, 8 months ago (2017-04-10 13:39:48 UTC) #23
Jorge Lucangeli Obes
https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc File chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc (right): https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc#newcode89 chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc:89: if (stat("/", &st) == 0 && st.st_uid != 0) ...
3 years, 8 months ago (2017-04-10 13:41:19 UTC) #24
Kevin Cernekee
https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc File chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc (right): https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc#newcode87 chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc:87: // root directory will be owned by an unmapped ...
3 years, 8 months ago (2017-04-10 21:40:22 UTC) #25
Jorge Lucangeli Obes
On 2017/04/10 21:40:22, Kevin Cernekee wrote: > https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc > File chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc (right): > > https://codereview.chromium.org/2707763002/diff/20001/chrome/browser/ui/views/chrome_browser_main_extra_parts_views.cc#newcode87 ...
3 years, 8 months ago (2017-04-10 22:52:06 UTC) #28
Kevin Cernekee
On 2017/04/10 22:52:06, Jorge Lucangeli Obes wrote: > Have you tested this locally running as ...
3 years, 8 months ago (2017-04-11 00:29:01 UTC) #31
Tom (Use chromium acct)
On 2017/04/11 00:29:01, Kevin Cernekee wrote: > On 2017/04/10 22:52:06, Jorge Lucangeli Obes wrote: > ...
3 years, 8 months ago (2017-04-11 00:36:16 UTC) #32
Kevin Cernekee
On 2017/04/11 00:36:16, Tom Anderson wrote: > It definitely shouldn't crash as root. I think ...
3 years, 8 months ago (2017-04-11 00:38:37 UTC) #33
Jorge Lucangeli Obes
lgtm since functionality works as expected.
3 years, 8 months ago (2017-04-11 02:33:20 UTC) #34
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2707763002/40001
3 years, 8 months ago (2017-04-11 02:39:53 UTC) #37
commit-bot: I haz the power
Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/407532)
3 years, 8 months ago (2017-04-11 02:50:56 UTC) #39
Kevin Cernekee
Hi sky, could you please provide OWNERS approval for this file?
3 years, 8 months ago (2017-04-11 03:00:40 UTC) #41
sky
LGTM
3 years, 8 months ago (2017-04-11 04:08:19 UTC) #42
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2707763002/40001
3 years, 8 months ago (2017-04-11 04:10:35 UTC) #44
sky
I'm not entirely sure I understand the ramifications of this. NOT LGTM until Justin looks ...
3 years, 8 months ago (2017-04-11 04:19:25 UTC) #47
commit-bot: I haz the power
A disapproval has been posted by following reviewers: sky@chromium.org. Please make sure to get positive ...
3 years, 8 months ago (2017-04-11 04:19:33 UTC) #49
commit-bot: I haz the power
Committed patchset #3 (id:40001) as https://chromium.googlesource.com/chromium/src/+/7bc960609bc49b21be3240970b449cd1146af615
3 years, 8 months ago (2017-04-11 04:23:40 UTC) #52
sky
3 years, 8 months ago (2017-04-11 04:35:34 UTC) #53
Message was sent while issue was closed.
It looks like jorgelo is on the security team, so LGTM. Sorry for the run
around.

Powered by Google App Engine
This is Rietveld 408576698