author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-24 02:06:06 +0000 |
---|---|---|
committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-24 02:06:06 +0000 |
commit | e0a568f4be1e151b4569b25df5c66f80100de98c (patch) | |
tree | 465d7acf48eb9ba7991e668a6af35bc247519198 | |
parent | cdf209a4e1c621045cea90a3f4da6f21fdff4fe8 (diff) | |
Be more restrictive when finding file names for libraries that need patching.
This avoids false positives if the directory name matches one of the well-known
library names (e.g. ld).
False positives not only result in a performance hit at startup, because we
are now trying to instrument libraries that don't actually contain any system
calls; but even worse than this, we could try to instrument system calls in
the sandboxing code itself. And those system calls are deliberately coded so
that they will not get rewritten.
Fortunately, none of this is a security problem. If we accidentally rewrite
system calls that weren't supposed to be rewritten, we will just crash on
startup.
TEST=the sandbox now works on the buildbots
BUG=36133
Review URL: http://codereview.chromium.org/652188
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39839 0039d316-1c4b-4281-b951-d872f2087c98
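To make the false positive described in the commit message concrete, here is a stand-alone C reconstruction of the old and new matching rules, added as an example and not code from the Chromium tree. The `/proc/self/maps`-style entries, the list of well-known library names and the function names (`basename_of_mapping`, `mapping_matches_lib`, `old_mapping_matches_lib`, `find_known_lib`) are all constructed for illustration; the sandbox's real `libs` array and `Maps` iterator are not shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed list of well-known library prefixes, standing in for the
 * sandbox's own `libs` array (whose contents are not visible on the page). */
static const char *known_libs[] = { "ld", "libc", "libpthread", NULL };

/* True when the character following a matched prefix is not a letter, i.e.
 * the prefix is a whole name component ("libc-2.7.so" yes, "libcrypto.so" no).
 * This mirrors the check the patch keeps from the old code. */
static int terminator_ok(char ch) {
  return ch < 'A' || (ch > 'Z' && ch < 'a') || ch > 'z';
}

/* Strip the leading "dev inode " fields and the directory part of an entry
 * such as "08:01 2289011 /lib/libc-2.7.so", leaving "libc-2.7.so".
 * Same delimiter loop as the patch: last ' ' first, then last '/'. */
const char *basename_of_mapping(const char *mapping) {
  for (const char *delim = " /"; *delim; ++delim) {
    const char *skip = strrchr(mapping, *delim);
    if (skip) {
      mapping = skip + 1;
    }
  }
  return mapping;
}

/* New rule: the base name must START with `lib` and be followed by a
 * non-letter. Directory names no longer influence the result. */
int mapping_matches_lib(const char *mapping, const char *lib) {
  const char *base = basename_of_mapping(mapping);
  size_t n = strlen(lib);
  if (strncmp(base, lib, n) != 0) {
    return 0;
  }
  return terminator_ok(base[n]);
}

/* Old rule (pre-patch): substring search anywhere in the full entry, so a
 * directory called "ld" followed by '/' satisfied the terminator test. */
int old_mapping_matches_lib(const char *mapping, const char *lib) {
  const char *name = strstr(mapping, lib);
  if (!name) {
    return 0;
  }
  return terminator_ok(name[strlen(lib)]);
}

/* Return the first known library prefix the entry matches under the new
 * rule, or NULL if the mapping should be left alone. */
const char *find_known_lib(const char *mapping) {
  for (const char **ptr = known_libs; *ptr; ++ptr) {
    if (mapping_matches_lib(mapping, *ptr)) {
      return *ptr;
    }
  }
  return NULL;
}

int main(void) {
  /* Constructed sample entries, including the directory-name false positive
   * the commit message describes and an anonymous [vdso] mapping. */
  const char *entries[] = {
    "08:01 2289011 /lib/libc-2.7.so",
    "08:01 2289012 /lib/ld-2.7.so",
    "08:01 2289013 /home/ld/build/foo.so",
    "08:01 2289014 /lib/libcrypto.so",
    "[vdso]",
    NULL,
  };
  for (const char **e = entries; *e; ++e) {
    const char *hit = find_known_lib(*e);
    printf("%-40s old(ld)=%d new=%s\n", *e,
           old_mapping_matches_lib(*e, "ld"), hit ? hit : "(none)");
  }
  return 0;
}
```

Running it shows `/home/ld/build/foo.so` matching "ld" under the old rule but nothing under the new one, while `/lib/ld-2.7.so` and `/lib/libc-2.7.so` are still matched; `libcrypto.so` is rejected by the trailing-letter test under both rules.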
-rw-r--r-- | sandbox/linux/seccomp/sandbox.cc | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/sandbox/linux/seccomp/sandbox.cc b/sandbox/linux/seccomp/sandbox.cc index 416502b..ff2b59e 100644 --- a/sandbox/linux/seccomp/sandbox.cc +++ b/sandbox/linux/seccomp/sandbox.cc @@ -474,9 +474,24 @@ void Sandbox::startSandbox() { // Intercept system calls in libraries that are known to have them. for (Maps::const_iterator iter = maps.begin(); iter != maps.end(); ++iter){ Library* library = *iter; + const char* mapping = iter.name().c_str(); + + // Find the actual base name of the mapped library by skipping past any + // SPC and forward-slashes. We don't want to accidentally find matches, + // because the directory name included part of our well-known lib names. + // + // Typically, prior to pruning, entries would look something like this: + // 08:01 2289011 /lib/libc-2.7.so + for (const char *delim = " /"; *delim; ++delim) { + const char* skip = strrchr(mapping, *delim); + if (skip) { + mapping = skip + 1; + } + } + for (const char **ptr = libs; *ptr; ptr++) { - const char *name = strstr(iter.name().c_str(), *ptr); - if (name) { + const char *name = strstr(mapping, *ptr); + if (name == mapping) { char ch = name[strlen(*ptr)]; if (ch < 'A' || (ch > 'Z' && ch < 'a') || ch > 'z') { if (library->parseElf()) { |
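Review bot: the new acceptance condition in this hunk, `name == mapping` plus the existing trailing-character test, means a mapping is instrumented only when its base name begins with the well-known prefix and the next character is not a letter, but nothing in the change exercises the case the commit message describes; suggest adding a test with an entry such as `08:01 2289011 /home/ld/build/foo.so` (constructed) to confirm it is now rejected for `ld`, alongside `08:01 2289011 /lib/ld-2.7.so` to confirm it still matches. Also, the delimiter loop strips everything up to the last ' ' before it strips up to the last '/', so a base name that itself contains a space would be truncated at that space and the library silently skipped rather than instrumented; a comment stating that file names are assumed to be space-free (or stripping only the final '/' once the leading "dev inode" fields are gone) would make that assumption visible to the next reader.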