content/common/sandbox_linux/sandbox_linux.cc - Issue 915823002: Namespace sandbox: add important security checks

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/sandbox_linux/sandbox_linux.cc

Issue 915823002: Namespace sandbox: add important security checks (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Better documentation. Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« content/common/sandbox_linux/sandbox_linux.h ('K') | « content/common/sandbox_linux/sandbox_linux.h ('k') | content/content_common.gypi » ('j') | content/zygote/zygote_main_linux.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/common/sandbox_linux/sandbox_linux.cc

diff --git a/content/common/sandbox_linux/sandbox_linux.cc b/content/common/sandbox_linux/sandbox_linux.cc

index 480b2654f3df2bf79eea18923bfbcbee6c262002..ed51786db1606ec645251376a7daa86bf8404bfe 100644

--- a/content/common/sandbox_linux/sandbox_linux.cc

+++ b/content/common/sandbox_linux/sandbox_linux.cc

@@ -28,10 +28,13 @@

#include "base/sys_info.h"

#include "base/time/time.h"

#include "build/build_config.h"

+#include "content/common/sandbox_linux/sandbox_debug_handling_linux.h"

#include "content/common/sandbox_linux/sandbox_linux.h"

#include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"

#include "content/public/common/content_switches.h"

#include "content/public/common/sandbox_linux.h"

+#include "sandbox/linux/services/credentials.h"

+#include "sandbox/linux/services/namespace_sandbox.h"

#include "sandbox/linux/services/proc_util.h"

#include "sandbox/linux/services/thread_helpers.h"

#include "sandbox/linux/services/yama.h"

@@ -182,6 +185,27 @@ void LinuxSandbox::PreinitializeSandbox() {

pre_initialized_ = true;

}

+void LinuxSandbox::EngageNamespaceSandbox() {

+ CHECK(pre_initialized_);

+ // Check being in a new PID namespace created by the namespace sandbox and

+ // being the init process.

+ CHECK(sandbox::NamespaceSandbox::InNewPidNamespace());

+ const pid_t pid = getpid();

+ CHECK_EQ(1, pid);

+ CHECK(sandbox::Credentials::MoveToNewUserNS());

+ // Note: this requires SealSandbox() to be called later in this process to be

+ // safe, as this class is purposedly keeping a file descriptor to /proc.

rickyz (no longer on Chrome) 2015/02/11 22:59:56 nit: purposely (or just remove if you prefer)

jln (very slow on Chromium) 2015/02/11 23:13:06 Done.

+ CHECK(!HasOpenDirectories());

+ CHECK(sandbox::Credentials::DropFileSystemAccess());

+ CHECK(IsSingleThreaded());

+ CHECK(sandbox::Credentials::DropAllCapabilities());

+ // This needs to happen after moving to a new user NS, since doing so involves

+ // writing the UID/GID map.

+ CHECK(SandboxDebugHandling::SetDumpableStatusAndHandlers());

std::vector<int> LinuxSandbox::GetFileDescriptorsToClose() {

std::vector<int> fds;

if (proc_fd_ >= 0) {

« content/common/sandbox_linux/sandbox_linux.h ('K') | « content/common/sandbox_linux/sandbox_linux.h ('k') | content/content_common.gypi » ('j') | content/zygote/zygote_main_linux.cc » ('J')