
Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Issue 263563004: Linux sandbox: disallow fork() and *kill for ASAN (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase Created 6 years, 7 months ago
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <linux/net.h> 10 #include <linux/net.h>
(...skipping 17 matching lines...) Expand all
28 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6) 28 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
29 #endif 29 #endif
30 #endif 30 #endif
31 31
32 #if defined(__arm__) && !defined(MAP_STACK) 32 #if defined(__arm__) && !defined(MAP_STACK)
33 #define MAP_STACK 0x20000 // Daisy build environment has old headers. 33 #define MAP_STACK 0x20000 // Daisy build environment has old headers.
34 #endif 34 #endif
35 35
36 namespace { 36 namespace {
37 37
38 inline bool RunningOnASAN() {
39 #if defined(ADDRESS_SANITIZER)
40 return true;
41 #else
42 return false;
43 #endif
44 }
45
46 inline bool IsArchitectureX86_64() { 38 inline bool IsArchitectureX86_64() {
47 #if defined(__x86_64__) 39 #if defined(__x86_64__)
48 return true; 40 return true;
49 #else 41 #else
50 return false; 42 return false;
51 #endif 43 #endif
52 } 44 }
53 45
54 inline bool IsArchitectureI386() { 46 inline bool IsArchitectureI386() {
55 #if defined(__i386__) 47 #if defined(__i386__)
56 return true; 48 return true;
57 #else 49 #else
58 return false; 50 return false;
59 #endif 51 #endif
60 } 52 }
61 53
62 } // namespace. 54 } // namespace.
63 55
64 namespace sandbox { 56 namespace sandbox {
65 57
66 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) { 58 ErrorCode RestrictCloneToThreadsAndEPERMFork(SandboxBPF* sandbox) {
67 // Glibc's pthread. 59 // Glibc's pthread.
68 // TODO(jln): fix this on ASAN. 60 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
69 if (!RunningOnASAN()) { 61 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
70 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 62 CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS |
71 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | 63 CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID,
72 CLONE_THREAD | CLONE_SYSVSEM | CLONE_SETTLS | 64 ErrorCode(ErrorCode::ERR_ALLOWED),
73 CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID, 65 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
74 ErrorCode(ErrorCode::ERR_ALLOWED), 66 CLONE_PARENT_SETTID | SIGCHLD,
75 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 67 ErrorCode(EPERM),
76 CLONE_PARENT_SETTID | SIGCHLD, 68 // ARM
77 ErrorCode(EPERM), 69 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
78 // ARM 70 CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD,
79 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 71 ErrorCode(EPERM),
80 CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD, 72 sandbox->Trap(SIGSYSCloneFailure, NULL))));
81 ErrorCode(EPERM),
82 sandbox->Trap(SIGSYSCloneFailure, NULL))));
83 } else {
84 return ErrorCode(ErrorCode::ERR_ALLOWED);
85 }
86 } 73 }
87 74
88 ErrorCode RestrictPrctl(SandboxBPF* sandbox) { 75 ErrorCode RestrictPrctl(SandboxBPF* sandbox) {
89 // Will need to add seccomp compositing in the future. PR_SET_PTRACER is 76 // Will need to add seccomp compositing in the future. PR_SET_PTRACER is
90 // used by breakpad but not needed anymore. 77 // used by breakpad but not needed anymore.
91 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 78 return sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
92 PR_SET_NAME, ErrorCode(ErrorCode::ERR_ALLOWED), 79 PR_SET_NAME, ErrorCode(ErrorCode::ERR_ALLOWED),
93 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 80 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
94 PR_SET_DUMPABLE, ErrorCode(ErrorCode::ERR_ALLOWED), 81 PR_SET_DUMPABLE, ErrorCode(ErrorCode::ERR_ALLOWED),
95 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 82 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after
206 SYS_SHUTDOWN, ErrorCode(ErrorCode::ERR_ALLOWED), 193 SYS_SHUTDOWN, ErrorCode(ErrorCode::ERR_ALLOWED),
207 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 194 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
208 SYS_SENDMSG, ErrorCode(ErrorCode::ERR_ALLOWED), 195 SYS_SENDMSG, ErrorCode(ErrorCode::ERR_ALLOWED),
209 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL, 196 sandbox->Cond(0, ErrorCode::TP_32BIT, ErrorCode::OP_EQUAL,
210 SYS_RECVMSG, ErrorCode(ErrorCode::ERR_ALLOWED), 197 SYS_RECVMSG, ErrorCode(ErrorCode::ERR_ALLOWED),
211 ErrorCode(EPERM))))))))); 198 ErrorCode(EPERM)))))))));
212 } 199 }
213 #endif 200 #endif
214 201
215 ErrorCode RestrictKillTarget(pid_t target_pid, SandboxBPF* sandbox, int sysno) { 202 ErrorCode RestrictKillTarget(pid_t target_pid, SandboxBPF* sandbox, int sysno) {
216 if (!RunningOnASAN()) { 203 switch (sysno) {
217 switch (sysno) { 204 case __NR_kill:
218 case __NR_kill: 205 case __NR_tgkill:
219 case __NR_tgkill: 206 return sandbox->Cond(0,
220 return sandbox->Cond(0, 207 ErrorCode::TP_32BIT,
221 ErrorCode::TP_32BIT, 208 ErrorCode::OP_EQUAL,
222 ErrorCode::OP_EQUAL, 209 target_pid,
223 target_pid, 210 ErrorCode(ErrorCode::ERR_ALLOWED),
224 ErrorCode(ErrorCode::ERR_ALLOWED), 211 sandbox->Trap(SIGSYSKillFailure, NULL));
225 sandbox->Trap(SIGSYSKillFailure, NULL)); 212 case __NR_tkill:
226 case __NR_tkill: 213 return sandbox->Trap(SIGSYSKillFailure, NULL);
227 return sandbox->Trap(SIGSYSKillFailure, NULL); 214 default:
228 default: 215 NOTREACHED();
229 NOTREACHED(); 216 return sandbox->Trap(CrashSIGSYS_Handler, NULL);
230 return sandbox->Trap(CrashSIGSYS_Handler, NULL);
231 }
232 } else {
233 switch (sysno) {
234 case __NR_kill:
235 case __NR_tgkill:
236 case __NR_tkill:
237 // On ASAN, fork() is not properly denied. This could lead to the
238 // strange failures we're observing with this policy on ASAN.
239 // TODO(jln): fix this.
240 return ErrorCode(ErrorCode::ERR_ALLOWED);
241 default:
242 NOTREACHED();
243 return sandbox->Trap(CrashSIGSYS_Handler, NULL);
244 }
245 } 217 }
246 } 218 }
247 219
248 } // namespace sandbox. 220 } // namespace sandbox.
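Review bot: RestrictKillTarget (new-side lines 202-218) checks only argument 0 of kill()/tgkill() against target_pid, so if a caller ever passes 0 or a negative value the resulting policy would allow signalling the whole process group, or every process the sandboxed process may signal, because kill(2) gives those pid values exactly that meaning; a `DCHECK_GT(target_pid, 0);` at the top of the function (DCHECK is presumably available here alongside the NOTREACHED() already used) would pin the intent that only one real pid is whitelisted. Nothing in the new code records why the ASAN carve-out is no longer needed — the deleted comment attributed the earlier ASAN failures to fork() not being denied — so a short note such as `// ASAN builds now get the same clone()/kill() restrictions as other builds; see issue 263563004.` above RestrictCloneToThreadsAndEPERMFork would keep that history where the next reader looks. The header comment `// Glibc's pthread.` on RestrictCloneToThreadsAndEPERMFork could also say that the first Cond is an exact match on the thread-creation flag set, the next two (x86 and the `// ARM` case) are presumably the flag sets fork() uses and return EPERM so fork() fails gracefully, and any other clone() flags crash via SIGSYSCloneFailure. Both functions are fully visible in this section.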