components/nacl/loader/nonsfi/nonsfi_sandbox.cc - Issue 247563004: Non-SFI NaCl: Disallow mmap with PROT_EXEC

Unified Diff: components/nacl/loader/nonsfi/nonsfi_sandbox.cc

Issue 247563004: Non-SFI NaCl: Disallow mmap with PROT_EXEC (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: components/nacl/loader/nonsfi/nonsfi_sandbox.cc

diff --git a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc

index a58ba840b73991c29485556968f9845b3045d82f..866f1da431ec540f9f532936bb107e56147daa19 100644

--- a/components/nacl/loader/nonsfi/nonsfi_sandbox.cc

+++ b/components/nacl/loader/nonsfi/nonsfi_sandbox.cc

@@ -124,12 +124,16 @@ ErrorCode RestrictMemoryProtection(SandboxBPF* sb, int argno) {

ErrorCode RestrictMmap(SandboxBPF* sb) {

const uint32_t denied_flag_mask = ~(MAP_SHARED | MAP_PRIVATE |

MAP_ANONYMOUS | MAP_STACK | MAP_FIXED);

- // TODO(hamaji): Disallow RWX mmap.

+ const uint32_t denied_prot_mask = ~(PROT_READ | PROT_WRITE);

Mark Seaborn 2014/04/24 16:49:30 It's not really obvious why you'd want to do this.

hamaji 2014/04/25 01:44:47 I just guessed this would slight improve security.

return sb->Cond(3, ErrorCode::TP_32BIT,

ErrorCode::OP_HAS_ANY_BITS,

denied_flag_mask,

- sb->Trap(sandbox::CrashSIGSYS_Handler, NULL),

- RestrictMemoryProtection(sb, 2));

+ sb->Trap(sandbox::CrashSIGSYS_Handler, NULL),

+ sb->Cond(2, ErrorCode::TP_32BIT,

+ ErrorCode::OP_HAS_ANY_BITS,

+ denied_prot_mask,

+ sb->Trap(sandbox::CrashSIGSYS_Handler, NULL),

+ ErrorCode(ErrorCode::ERR_ALLOWED)));

}

ErrorCode RestrictSocketpair(SandboxBPF* sb) {