Index: sandbox/linux/services/credentials.h |
diff --git a/sandbox/linux/services/credentials.h b/sandbox/linux/services/credentials.h |
index c6a6eb007151c634a93aba7e9b0706fdf00328de..ddc54db7e0a466f94c6880abdca6bce14295cc62 100644 |
--- a/sandbox/linux/services/credentials.h |
+++ b/sandbox/linux/services/credentials.h |
@@ -14,6 +14,7 @@ |
#include <string> |
#include "base/basictypes.h" |
+#include "base/compiler_specific.h" |
#include "base/memory/scoped_ptr.h" |
#include "sandbox/sandbox_export.h" |
@@ -29,7 +30,7 @@ class SANDBOX_EXPORT Credentials { |
// Drop all capabilities in the effective, inheritable and permitted sets for |
// the current process. |
- bool DropAllCapabilities(); |
+ bool DropAllCapabilities() WARN_UNUSED_RESULT; |
// Return true iff there is any capability in any of the capabilities sets |
// of the current process. |
bool HasAnyCapability() const; |
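Review bot: Now that DropAllCapabilities is marked WARN_UNUSED_RESULT, its comment should say what the return value means, since a caller forced to check it has no guidance on what a false result implies for the process state; the same applies to MoveToNewUserNS and DropFileSystemAccess in the two later hunks. A line such as `// Returns false on failure; callers should treat this as fatal, since the process may still hold capabilities.` would make the intent of the attribute explicit. Whether a failed call can leave the sets partially dropped is not visible here and is worth stating one way or the other. The enclosing Credentials class starts and ends outside this hunk.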
@@ -51,7 +52,7 @@ class SANDBOX_EXPORT Credentials { |
// change. |
// If this call succeeds, the current process will be granted a full set of |
// capabilities in the new namespace. |
- bool MoveToNewUserNS(); |
+ bool MoveToNewUserNS() WARN_UNUSED_RESULT; |
// Remove the ability of the process to access the file system. File |
// descriptors which are already open prior to calling this API remain |
@@ -60,9 +61,11 @@ class SANDBOX_EXPORT Credentials { |
// CAP_SYS_CHROOT can be acquired by using the MoveToNewUserNS() API. |
// Make sure to call DropAllCapabilities() after this call to prevent |
// escapes. |
- // To be secure, it's very important for this API to not be called while the |
- // process has any directory file descriptor open. |
- bool DropFileSystemAccess(); |
+ // To be secure, the caller must ensure that any directory file descriptors |
+ // are closed (for example, by checking the result of |
+ // ProcUtil::HasOpenDirectory with a file descriptor for /proc, then closing |
+ // that file descriptor). Otherwise it may be possible to escape the chroot. |
+ bool DropFileSystemAccess() WARN_UNUSED_RESULT; |
private: |
DISALLOW_COPY_AND_ASSIGN(Credentials); |
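Review bot: The new comment's closing clause "then closing that file descriptor" is ambiguous about which descriptor is meant, and the subtle point is that the /proc descriptor opened for the ProcUtil::HasOpenDirectory check is itself a directory file descriptor that would defeat the precaution if left open. Suggested rewording of the example: `// (for example, by checking ProcUtil::HasOpenDirectory with a file descriptor for /proc; note that this /proc descriptor is itself a directory descriptor and must be closed before calling this API).` The comment also does not say whether DropFileSystemAccess performs any such check itself or relies entirely on the caller; stating that explicitly removes a guess the caller would otherwise have to make. The enclosing Credentials class starts outside this hunk.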