Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(706)

Unified Diff: content/common/sandbox_seccomp_bpf_linux.cc

Issue 12209029: Linux sandbox: restrict clone() in renderer processes. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add crashing message in Debug builds. Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/sandbox_seccomp_bpf_linux.cc
diff --git a/content/common/sandbox_seccomp_bpf_linux.cc b/content/common/sandbox_seccomp_bpf_linux.cc
index 7051acb93a65132ee1048a72682e456d9bb06231..748f07edee27fb8bc315a5e752814d43d268e599 100644
--- a/content/common/sandbox_seccomp_bpf_linux.cc
+++ b/content/common/sandbox_seccomp_bpf_linux.cc
@@ -101,6 +101,24 @@ intptr_t CrashSIGSYS_Handler(const struct arch_seccomp_data& args, void* aux) {
_exit(1);
}
+// TODO(jln): rewrite reporting functions.
+intptr_t ReportCloneFailure(const struct arch_seccomp_data& args, void* aux) {
+ // "flags" in the first argument in the kernel's clone().
+ // Mark as volatile to be able to find the value on the stack in a minidump.
+#if !defined(NDEBUG)
+ RAW_LOG(ERROR, __FILE__":**CRASHING**:clone() failure\n");
+#endif
+ volatile uint64_t clone_flags = args.args[0];
+ volatile char* addr =
+ reinterpret_cast<volatile char*>(clone_flags & 0xFFFFFF);
+ *addr = '\0';
+ // Hit the NULL page if this fails to fault.
+ addr = reinterpret_cast<volatile char*>(clone_flags & 0xFFF);
+ *addr = '\0';
+ for (;;)
+ _exit(1);
+}
+
bool IsAcceleratedVideoDecodeEnabled() {
// Accelerated video decode is currently enabled on Chrome OS,
// but not on Linux: crbug.com/137247.
@@ -1236,8 +1254,24 @@ ErrorCode GpuBrokerProcessPolicy(int sysno, void*) {
}
}
+// Allow clone for threads, crash if anything else is attempted.
+ErrorCode RestrictCloneToThreads() {
+ // Glibc's pthread.
+ return Sandbox::Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
+ CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
+ CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS |
+ CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID,
+ ErrorCode(ErrorCode::ERR_ALLOWED),
+ Sandbox::Trap(ReportCloneFailure, NULL));
+}
+
ErrorCode RendererOrWorkerProcessPolicy(int sysno, void *) {
switch (sysno) {
+ case __NR_clone:
+#if defined(__x86_64__) && defined(OS_LINUX)
+ // TODO(jln): extend to other architectures.
+ return RestrictCloneToThreads();
+#endif
case __NR_ioctl: // TODO(jln) investigate legitimate use in the renderer
// and see if alternatives can be used.
case __NR_fdatasync:
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698