sandbox/linux/services/credentials.h - Issue 835623005: Remove the open directory fd check.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: sandbox/linux/services/credentials.h

Issue 835623005: Remove the open directory fd check. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Respond to comments. Created 5 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: sandbox/linux/services/credentials.h

diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h

index c6a6eb007151c634a93aba7e9b0706fdf00328de..ddc54db7e0a466f94c6880abdca6bce14295cc62 100644

--- a/sandbox/linux/services/credentials.h

+++ b/sandbox/linux/services/credentials.h

@@ -14,6 +14,7 @@

#include <string>

#include "base/basictypes.h"

+#include "base/compiler_specific.h"

#include "base/memory/scoped_ptr.h"

#include "sandbox/sandbox_export.h"

@@ -29,7 +30,7 @@ class SANDBOX_EXPORT Credentials {

// Drop all capabilities in the effective, inheritable and permitted sets for

// the current process.

- bool DropAllCapabilities();

+ bool DropAllCapabilities() WARN_UNUSED_RESULT;

// Return true iff there is any capability in any of the capabilities sets

// of the current process.

bool HasAnyCapability() const;

@@ -51,7 +52,7 @@ class SANDBOX_EXPORT Credentials {

// change.

// If this call succeeds, the current process will be granted a full set of

// capabilities in the new namespace.

- bool MoveToNewUserNS();

+ bool MoveToNewUserNS() WARN_UNUSED_RESULT;

// Remove the ability of the process to access the file system. File

// descriptors which are already open prior to calling this API remain

@@ -60,9 +61,11 @@ class SANDBOX_EXPORT Credentials {

// CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API.

// Make sure to call DropAllCapabilities() after this call to prevent

// escapes.

- // To be secure, it's very important for this API to not be called while the

- // process has any directory file descriptor open.

- bool DropFileSystemAccess();

+ // To be secure, the caller must ensure that any directory file descriptors

+ // are closed (for example, by checking the result of

+ // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing

+ // that file descriptor). Otherwise it may be possible to escape the chroot.

+ bool DropFileSystemAccess() WARN_UNUSED_RESULT;

private:

DISALLOW_COPY_AND_ASSIGN(Credentials);

« no previous file with comments | « no previous file | sandbox/linux/services/credentials.cc » ('j') | no next file with comments »