Linux sandbox: restrict *kill to the current process.

sandbox/linux/seccomp-bpf-helpers/baseline_policy.h

Index: sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
index f1e4bb96c199e155ee0c9eafdeaed55e597d5388..1803bc42d300f01649c8e37add039e41ffaa5064 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.h
@@ -18,11 +18,13 @@ class SandboxBPFPolicy;
 // that reduces the Linux kernel's attack surface. Given its nature, it doesn't
 // have a clear semantics and is mostly "implementation-defined".
 //
-// This returns an object that implements the SandboxBPFPolicy interface with
-// a "baseline" policy within Chromium.
+// This class implements the SandboxBPFPolicy interface with a "baseline"
+// policy for us within Chromium.
 // The "baseline" policy is somewhat arbitrary. All Chromium policies are an
 // alteration of it, and it represents a reasonable common ground to run most
 // code in a sandboxed environment.
+// A baseline policy is only valid for the process for which this object was
+// instanciated (so do not fork() and use it in a child).

[Jorge Lucangeli Obes, 2014/04/29 18:23:43]

You might have missed "instantiated" here.

[jln (very slow on Chromium), 2014/04/29 18:26:03]

I had done it, I swear! .. but then I did git stash because I had already a
bunch of files I was editing.

 class SANDBOX_EXPORT BaselinePolicy : public SandboxBPFPolicy {
  public:
   BaselinePolicy();
@@ -36,6 +38,7 @@ class SANDBOX_EXPORT BaselinePolicy : public SandboxBPFPolicy {
 
  private:
   int fs_denied_errno_;
+  pid_t current_pid_;
   DISALLOW_COPY_AND_ASSIGN(BaselinePolicy);
 };