OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ | 5 #ifndef CONTENT_COMMON_SANDBOX_LINUX_H_ |
6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ | 6 #define CONTENT_COMMON_SANDBOX_LINUX_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
73 | 73 |
74 // Limit the address space of the current process (and its children). | 74 // Limit the address space of the current process (and its children). |
75 // to make some vulnerabilities harder to exploit. | 75 // to make some vulnerabilities harder to exploit. |
76 bool LimitAddressSpace(const std::string& process_type); | 76 bool LimitAddressSpace(const std::string& process_type); |
77 | 77 |
78 private: | 78 private: |
79 friend struct DefaultSingletonTraits<LinuxSandbox>; | 79 friend struct DefaultSingletonTraits<LinuxSandbox>; |
80 | 80 |
81 // We must have been pre_initialized_ before using this. | 81 // We must have been pre_initialized_ before using this. |
82 bool seccomp_bpf_supported() const; | 82 bool seccomp_bpf_supported() const; |
83 // Returns true if it can be determined that the current process has open | |
84 // directories that are not managed by the LinuxSandbox class. This would | |
85 // be a vulnerability as it would allow to bypass the setuid sandbox. | |
86 bool HasOpenDirectories(); | |
83 // The last part of the initialization is to make sure any temporary "hole" | 87 // The last part of the initialization is to make sure any temporary "hole" |
84 // in the sandbox is closed. For now, this consists of closing proc_fd_. | 88 // in the sandbox is closed. For now, this consists of closing proc_fd_. |
85 void SealSandbox(); | 89 void SealSandbox(); |
86 | 90 |
87 // A file descriptor to /proc. It's dangerous to have it around as it could | 91 // A file descriptor to /proc. It's dangerous to have it around as it could |
88 // allow for sandbox bypasses. It needs to be closed before we consider | 92 // allow for sandbox bypasses. It needs to be closed before we consider |
89 // ourselves sandboxed. | 93 // ourselves sandboxed. |
90 int proc_fd_; | 94 int proc_fd_; |
91 bool seccomp_bpf_started_; | 95 bool seccomp_bpf_started_; |
92 // Did PreinitializeSandbox() run? | 96 // Did PreinitializeSandbox() run? |
93 bool pre_initialized_; | 97 bool pre_initialized_; |
98 bool sealed_; | |
jln (very slow on Chromium)
2013/11/02 00:10:56
This is not needed, I would rather remove it for n
Mostyn Bramley-Moore
2013/11/02 07:30:07
Done.
| |
94 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. | 99 bool seccomp_bpf_supported_; // Accurate if pre_initialized_. |
95 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; | 100 scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client_; |
96 | 101 |
97 ~LinuxSandbox(); | 102 ~LinuxSandbox(); |
98 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); | 103 DISALLOW_IMPLICIT_CONSTRUCTORS(LinuxSandbox); |
99 }; | 104 }; |
100 | 105 |
101 } // namespace content | 106 } // namespace content |
102 | 107 |
103 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ | 108 #endif // CONTENT_COMMON_SANDBOX_LINUX_H_ |
104 | 109 |
OLD | NEW |