authormseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-06 06:00:13 +0000
committermseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-06 06:00:13 +0000
commit256ff9d0d45e439bb6f641dce50ecf9936e83d89 (patch)
tree934fda465eae473fb9287299bb84250ea3fb7e83 /chrome/app
parent3e6e82da372f9508e8819f84b03716b698fac2c8 (diff)
Disable registration of Breakpad's signal handler for Native Client
This partially undoes r71459. This fixes a security vulnerability that occurs when the NaCl revision is updated to r4598 or later. That revision changes NaCl's sel_main_chrome.c so that it no longer registers a signal handler, but instead leaves Breakpad's signal handler (registered by Chrome) in place. The vulnerability would allow NaCl untrusted code to escape NaCl's inner sandbox on x86-32 Linux. This is because although NaCl's signal handler knows how to safely handle faults from NaCl x86-32 sandboxed code, Breakpad's signal handler does not. Breakpad's signal handler does not restore %gs. BUG=http://code.google.com/p/nativeclient/issues/detail?id=1607 TEST=assertion to be added on the NaCl side (http://codereview.chromium.org/6798008/) Review URL: http://codereview.chromium.org/6677168 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80581 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/app')
-rw-r--r--chrome/app/breakpad_linux.cc3
1 files changed, 1 insertions, 2 deletions
diff --git a/chrome/app/breakpad_linux.cc b/chrome/app/breakpad_linux.cc
index f51c137..7fd12bd 100644
--- a/chrome/app/breakpad_linux.cc
+++ b/chrome/app/breakpad_linux.cc
@@ -686,7 +686,7 @@ void EnableCrashDumping(const bool unattended) {
}
}
-// Currently Non-Browser = Renderer, Plugins, Native Client and Gpu
+// Currently Non-Browser = Renderer, Plugins and Gpu
static bool
NonBrowserCrashHandler(const void* crash_context, size_t crash_context_size,
void* context) {
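Review bot: The rewritten comment above NonBrowserCrashHandler lists the processes that share the handler but not why Native Client was dropped, which is the only reason this commit exists; the code itself now carries no trace of the security constraint. It also still omits the zygote, although the dispatch condition later in the file (kZygoteProcess in the InitCrashReporter hunk) routes that process here too. I would make the comment state both, e.g. `// Currently Non-Browser = Renderer, Plugins, Zygote and Gpu.  Native Client is` / `// deliberately excluded: Breakpad's handler cannot safely handle faults raised` / `// by sandboxed code (it does not restore %gs), see NaCl issue 1607.`. The handler's body continues outside the hunk.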
@@ -788,7 +788,6 @@ void InitCrashReporter() {
} else if (process_type == switches::kRendererProcess ||
process_type == switches::kPluginProcess ||
process_type == switches::kZygoteProcess ||
- process_type == switches::kNaClLoaderProcess ||
process_type == switches::kGpuProcess) {
// We might be chrooted in a zygote or renderer process so we cannot call
// GetCollectStatsConsent because that needs access the the user's home
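Review bot: Removing `switches::kNaClLoaderProcess` from the condition leaves nothing in the code saying the omission is deliberate, so a later maintainer who notices the NaCl loader is the one child process without crash reporting is likely to add it back and reintroduce the inner-sandbox escape described in the commit message. I would keep a one-line marker where the removed line was, e.g. `// Deliberately not kNaClLoaderProcess: Breakpad's handler does not restore %gs` / `// and is unsafe for faults from x86-32 sandboxed code (NaCl issue 1607).`. The rest of the else-if chain and whatever branch the NaCl loader now falls through to are outside the hunk, so I cannot confirm from here that no other path still installs the handler for that process type; worth checking in the full function. InitCrashReporter starts and ends outside the hunk.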