
Side by Side Diff: content/common/sandbox_linux/sandbox_debug_handling_linux.cc

Issue 915823002: Namespace sandbox: add important security checks (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 5 years, 10 months ago
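--- a/content/common/sandbox_linux/sandbox_debug_handling_linux.cc
+++ b/content/common/sandbox_linux/sandbox_debug_handling_linux.cc
@@ -0,0 +1,79 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/common/sandbox_linux/sandbox_debug_handling_linux.h"
+
+#include <errno.h>
+#include <signal.h>
+#include <sys/prctl.h>
+#include <unistd.h>
+
+#include "base/command_line.h"
+#include "base/logging.h"
+#include "base/macros.h"
+#include "base/strings/safe_sprintf.h"
+#include "content/public/common/content_switches.h"
+
+namespace content {
+
+namespace {
+
+void DoChrootSignalHandler(int) {
+const int old_errno = errno;
+const char kFirstMessage[] = "Chroot signal handler called.\n";
+ignore_result(write(STDERR_FILENO, kFirstMessage, sizeof(kFirstMessage) - 1));
+
+const int chroot_ret = chroot("/");
+
+char kSecondMessage[100];
+const ssize_t printed = base::strings::SafeSPrintf(
+kSecondMessage, "chroot() returned %d. Errno is %d.\n", chroot_ret,
+errno);
+if (printed > 0 && printed < static_cast<ssize_t>(sizeof(kSecondMessage))) {
+ignore_result(write(STDERR_FILENO, kSecondMessage, printed));
+}
+errno = old_errno;
+}
+
+// This is a quick hack to allow testing sandbox crash reports in production
+// binaries.
+// This installs a signal handler for SIGUSR2 that performs a chroot().
+// In most of our BPF policies, it is a "watched" system call which will
+// trigger a SIGSYS signal whose handler will crash.
+// This has been added during the investigation of https://crbug.com/415842.
+void InstallCrashTestHandler() {
+struct sigaction act = {};
+act.sa_handler = DoChrootSignalHandler;
+CHECK_EQ(0, sigemptyset(&act.sa_mask));
+act.sa_flags = 0;
+
+PCHECK(0 == sigaction(SIGUSR2, &act, NULL));
+}
+
+bool IsSandboxDebuggingEnabled() {
+const base::CommandLine& command_line =
+*base::CommandLine::ForCurrentProcess();
+return command_line.HasSwitch(switches::kAllowSandboxDebugging);
+}
+
+} // namespace
+
+// static
+bool SandboxDebugHandling::SetDumpableStatusAndHandlers() {
+if (IsSandboxDebuggingEnabled()) {
+// If sandbox debugging is allowed, install a handler for sandbox-related
+// crash testing.
+InstallCrashTestHandler();
+return true;
+}
+
+if (prctl(PR_SET_DUMPABLE, 0) != 0) {
+PLOG(ERROR) << "Failed to set non-dumpable flag";
+return false;
+}
+
+return prctl(PR_GET_DUMPABLE) == 0;
+}
+
+} // namespace content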
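Review bot: SetDumpableStatusAndHandlers() returns true from the IsSandboxDebuggingEnabled() branch without ever reaching prctl(PR_SET_DUMPABLE, 0), so with switches::kAllowSandboxDebugging the process stays dumpable (and therefore ptrace-attachable) and a caller cannot tell that outcome apart from a successful non-dumpable transition. That is presumably intended so crash dumps can be collected, but the comment above the InstallCrashTestHandler() call should say so explicitly, e.g. `// Deliberately leave the process dumpable so sandbox crashes can be` / `// inspected; PR_SET_DUMPABLE is only cleared in the non-debug path.` Since the dumpable flag is per-process and is reset by execve, the header (outside this page) should also state that this must be called in each sandboxed process after exec, before any untrusted code runs. Minor style point: `kSecondMessage` in DoChrootSignalHandler is a mutable stack buffer, so the `k` constant prefix is misleading — `char message_buffer[100];` reads more honestly.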
