author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-20 15:41:11 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-20 15:41:11 +0000 |
commit | 23d67c409398db702f60bb5c972cddb564432d27 (patch) | |
tree | f333bc24620a1935f24c2d90cd97fe523ae25d2d /chrome/nacl.gypi | |
parent | a4e8a88d0033eac71ddcaac64e3db694dc8c0f3d (diff) | |

Remove a possible race in the SUID sandbox (minor)

The SUID sandbox can be used to set the oom_adj value for non-dumpable
processes owned by the same user. When doing so, we previously first
checked the directory owner and then opened the oom_adj file. In between
the check and the open, the process could have died and another process
could have taken that PID value. We would then adjust the OOM value of
the wrong process.

Given how PIDs are allocated, this is very hard to exploit and, even
then, a minor security issue at best, but we can avoid the issue
entirely with openat.

http://codereview.chromium.org/2118007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47801 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'chrome/nacl.gypi')
0 files changed, 0 insertions, 0 deletions
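
The check-then-open race and the openat approach named in the commit message, shown side by side as an added example; this is not the Chromium sandbox code. The function names and the generic directory/name parameters are hypothetical: in the commit's case the directory would be `/proc/<pid>` and the file `oom_adj`.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Check-then-open, the pattern the commit message describes as racy: stat()
 * and open() each resolve the path on their own, so for /proc/<pid> the PID
 * can be taken by another process between the two calls. */
int open_checked_racy(const char *dir, const char *name, uid_t owner, int flags)
{
    struct stat st;
    char path[4096];
    if (stat(dir, &st) != 0 || st.st_uid != owner)
        return -1;
    if (snprintf(path, sizeof(path), "%s/%s", dir, name) >= (int)sizeof(path))
        return -1;
    return open(path, flags);  /* second lookup: may not be the directory checked */
}

/* Pin the directory with a descriptor, check the owner of that descriptor,
 * then resolve the file relative to it: check and open share one object. */
int open_checked_pinned(const char *dir, const char *name, uid_t owner, int flags)
{
    struct stat st;
    int fd, dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0)
        return -1;
    if (fstat(dirfd, &st) != 0 || st.st_uid != owner) {
        close(dirfd);
        return -1;
    }
    /* O_NOFOLLOW is an extra precaution added here, not taken from the commit. */
    fd = openat(dirfd, name, flags | O_NOFOLLOW | O_CLOEXEC);
    close(dirfd);
    return fd;
}

int main(void)
{
    /* Constructed usage: this process's own /proc entry, opened read-only. */
    int fd = open_checked_pinned("/proc/self", "oom_adj", geteuid(), O_RDONLY);
    if (fd < 0) { perror("open_checked_pinned"); return EXIT_FAILURE; }
    printf("opened oom_adj via pinned directory, fd=%d\n", fd);
    close(fd);
    return 0;
}
```

On procfs the pinned descriptor stays bound to the process it was opened for, so if that process exits the `openat` fails instead of resolving to a new process that received the same PID.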