Issue 315383003: Linux sandbox: restrict prctl in the baseline.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 315383003: Linux sandbox: restrict prctl in the baseline. (Closed)

Created:
6 years, 6 months ago by jln (very slow on Chromium)

Modified:
6 years, 6 months ago

Reviewers:
mdempsky

CC:
chromium-reviews, darin-cc_chromium.org, jam, agl, jln+watch_chromium.org, Mark Seaborn

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

Linux sandbox: restrict prctl in the baseline. Restrict prctl(2) in the baseline policy. We temporarily allow in the GPU and PPAPI policies, so the net effect of this CL is only to restrict prctl for NaCl processes. BUG=270914 R=mdempsky@chromium.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=275284

Created: 6 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+34 lines, -8 lines)			Patch
M	content/common/sandbox_linux/bpf_gpu_policy_linux.cc	View		1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/common/sandbox_linux/bpf_ppapi_policy_linux.cc	View		1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/common/sandbox_linux/bpf_renderer_policy_linux.cc	View		1 chunk	+0 lines, -2 lines	0 comments	Download
M	sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc	View		3 chunks	+4 lines, -1 line	0 comments	Download
M	sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc	View	1	2 chunks	+21 lines, -0 lines	0 comments	Download
M	sandbox/linux/seccomp-bpf-helpers/syscall_sets.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc	View		1 chunk	+4 lines, -4 lines	0 comments	Download

Total messages: 3 (0 generated)

jln (very slow on Chromium)

Matthew: PTAL! Mark: FYI, this will restrict prctl in NaCl to PR_SET_NAME, PR_SET_DUMPABLE, PR_GET_DUMPABLE, crash ...

6 years, 6 months ago (2014-06-05 22:53:45 UTC) #1

jln (very slow on Chromium)

6 years, 6 months ago (2014-06-06 00:44:43 UTC) #3

Message was sent while issue was closed.

Committed patchset #2 manually as r275284 (presubmit successful).