components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc - Issue 901683003: Make NaCl process non-dumpable.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

Issue 901683003: Make NaCl process non-dumpable. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Specify all 5 arguments for prctl. Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

diff --git a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

index 5c4fa4224f7c2d0efbb4d203911da1286cb40fbb..ea24766cdbd99483d25006f4217946e3659900bc 100644

--- a/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

+++ b/components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc

@@ -6,6 +6,7 @@

#include <errno.h>

#include <fcntl.h>

+#include <sys/prctl.h>

#include <sys/stat.h>

#include <sys/types.h>

#include <unistd.h>

@@ -22,6 +23,7 @@

#include "components/nacl/common/nacl_switches.h"

#include "components/nacl/loader/nonsfi/nonsfi_sandbox.h"

#include "components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.h"

+#include "content/public/common/content_switches.h"

#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"

#include "sandbox/linux/services/proc_util.h"

#include "sandbox/linux/services/thread_helpers.h"

@@ -50,6 +52,21 @@ base::ScopedFD GetProcSelfTask(int proc_fd) {

return proc_self_task.Pass();

}

+bool MaybeSetProcessNonDumpable() {

+ const base::CommandLine& command_line =

+ *base::CommandLine::ForCurrentProcess();

+ if (command_line.HasSwitch(switches::kAllowSandboxDebugging)) {

+ return true;

+ }

+ if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {

+ PLOG(ERROR) << "Failed to set non-dumpable flag";

+ return false;

+ }

+ return prctl(PR_GET_DUMPABLE) == 0;

} // namespace

NaClSandbox::NaClSandbox()

@@ -91,6 +108,7 @@ void NaClSandbox::InitializeLayerOneSandbox() {

// Get sandboxed.

CHECK(setuid_sandbox_client_->ChrootMe());

+ CHECK(MaybeSetProcessNonDumpable());

CHECK(IsSandboxed());

layer_one_enabled_ = true;

}

« no previous file with comments | « components/nacl/loader/DEPS ('k') | components/nacl/zygote/nacl_fork_delegate_linux.cc » ('j') | no next file with comments »