| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/linux/services/credentials.h" | 5 #include "sandbox/linux/services/credentials.h" |
| 6 | 6 |
| 7 #include <dirent.h> | 7 #include <dirent.h> |
| 8 #include <errno.h> | 8 #include <errno.h> |
| 9 #include <fcntl.h> | 9 #include <fcntl.h> |
| 10 #include <signal.h> | 10 #include <signal.h> |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 166 } // namespace. | 166 } // namespace. |
| 167 | 167 |
| 168 namespace sandbox { | 168 namespace sandbox { |
| 169 | 169 |
| 170 Credentials::Credentials() { | 170 Credentials::Credentials() { |
| 171 } | 171 } |
| 172 | 172 |
| 173 Credentials::~Credentials() { | 173 Credentials::~Credentials() { |
| 174 } | 174 } |
| 175 | 175 |
| 176 int Credentials::CountOpenFds(int proc_fd) { |
| 177 DCHECK_LE(0, proc_fd); |
| 178 int proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); |
| 179 PCHECK(0 <= proc_self_fd); |
| 180 |
| 181 // Ownership of proc_self_fd is transferred here, it must not be closed |
| 182 // or modified afterwards except via dir. |
| 183 ScopedDIR dir(fdopendir(proc_self_fd)); |
| 184 CHECK(dir); |
| 185 |
| 186 int count = 0; |
| 187 struct dirent e; |
| 188 struct dirent* de; |
| 189 while (!readdir_r(dir.get(), &e, &de) && de) { |
| 190 if (strcmp(e.d_name, ".") == 0 || strcmp(e.d_name, "..") == 0) { |
| 191 continue; |
| 192 } |
| 193 |
| 194 int fd_num; |
| 195 CHECK(base::StringToInt(e.d_name, &fd_num)); |
| 196 if (fd_num == proc_fd || fd_num == proc_self_fd) { |
| 197 continue; |
| 198 } |
| 199 |
| 200 ++count; |
| 201 } |
| 202 return count; |
| 203 } |
| 204 |
| 176 bool Credentials::HasOpenDirectory(int proc_fd) { | 205 bool Credentials::HasOpenDirectory(int proc_fd) { |
| 177 int proc_self_fd = -1; | 206 int proc_self_fd = -1; |
| 178 if (proc_fd >= 0) { | 207 if (proc_fd >= 0) { |
| 179 proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); | 208 proc_self_fd = openat(proc_fd, "self/fd", O_DIRECTORY | O_RDONLY); |
| 180 } else { | 209 } else { |
| 181 proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); | 210 proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); |
| 182 if (proc_self_fd < 0) { | 211 if (proc_self_fd < 0) { |
| 183 // If this process has been chrooted (eg into /proc/self/fdinfo) then | 212 // If this process has been chrooted (eg into /proc/self/fdinfo) then |
| 184 // the new root dir will not have directory listing permissions for us | 213 // the new root dir will not have directory listing permissions for us |
| 185 // (hence EACCES). And if we do have this permission, then /proc won't | 214 // (hence EACCES). And if we do have this permission, then /proc won't |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 309 } | 338 } |
| 310 | 339 |
| 311 bool Credentials::DropFileSystemAccess() { | 340 bool Credentials::DropFileSystemAccess() { |
| 312 // Chrooting to a safe empty dir will only be safe if no directory file | 341 // Chrooting to a safe empty dir will only be safe if no directory file |
| 313 // descriptor is available to the process. | 342 // descriptor is available to the process. |
| 314 DCHECK(!HasOpenDirectory(-1)); | 343 DCHECK(!HasOpenDirectory(-1)); |
| 315 return ChrootToSafeEmptyDir(); | 344 return ChrootToSafeEmptyDir(); |
| 316 } | 345 } |
| 317 | 346 |
| 318 } // namespace sandbox. | 347 } // namespace sandbox. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 276443003:
NaCl: Add sanity check for number of open FDs at startup (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src