author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-01 19:34:56 +0000 |
---|---|---|
committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-01 19:34:56 +0000 |
commit | 866d1af17255d751c1f2feb828bba20bd25ffaae (patch) | |
tree | 1a7daab2b22bd83528e0c381f963206a8dcd8dde /content/common/sandbox_init_linux.cc | |
parent | 6ad2288c227a0037e444c640c7157f75d84da365 (diff) | |
Block ptrace (and ptrace-like) syscalls from the renderer and worker processes.
BUG=125225
Review URL: https://chromiumcodereview.appspot.com/10454110
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140080 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_init_linux.cc')
-rw-r--r-- | content/common/sandbox_init_linux.cc | 53 |
1 files changed, 45 insertions, 8 deletions
diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc
index 1c9bf4d..51a4df2 100644
--- a/content/common/sandbox_init_linux.cc
+++ b/content/common/sandbox_init_linux.cc
@@ -32,6 +32,10 @@
  #define SYS_SECCOMP 1
 #endif
 
+#ifndef __NR_migrate_pages
+ #define __NR_migrate_pages 256
+#endif
+
 #ifndef __NR_openat
  #define __NR_openat 257
 #endif
@@ -44,10 +48,22 @@
  #define __NR_readlinkat 267
 #endif
 
+#ifndef __NR_move_pages
+ #define __NR_move_pages 279
+#endif
+
 #ifndef __NR_eventfd2
  #define __NR_eventfd2 290
 #endif
 
+#ifndef __NR_process_vm_readv
+ #define __NR_process_vm_readv 310
+#endif
+
+#ifndef __NR_process_vm_writev
+ #define __NR_process_vm_writev 311
+#endif
+
 // Constants from very new header files that we can't yet include.
 #ifndef SECCOMP_MODE_FILTER
  #define SECCOMP_MODE_FILTER 2
@@ -165,9 +181,22 @@ static void EmitPreamble(std::vector<struct sock_filter>* program) {
  EmitLoad(0, program);
 }
 
+static void EmitTrap(std::vector<struct sock_filter>* program) {
+ EmitRet(SECCOMP_RET_TRAP, program);
+}
+
+static void EmitAllow(std::vector<struct sock_filter>* program) {
+ EmitRet(SECCOMP_RET_ALLOW, program);
+}
+
 static void EmitAllowSyscall(int nr, std::vector<struct sock_filter>* program) {
  EmitJEQJF(nr, 1, program);
- EmitRet(SECCOMP_RET_ALLOW, program);
+ EmitAllow(program);
+}
+
+static void EmitDenySyscall(int nr, std::vector<struct sock_filter>* program) {
+ EmitJEQJF(nr, 1, program);
+ EmitTrap(program);
 }
 
 static void EmitAllowSyscallArgN(int nr,
@@ -179,7 +208,7 @@ static void EmitAllowSyscallArgN(int nr,
  EmitJEQJF(nr, 4, program);
  EmitLoadArg(arg_nr, program);
  EmitJEQJF(arg_val, 1, program);
- EmitRet(SECCOMP_RET_ALLOW, program);
+ EmitAllow(program);
  // We trashed syscall_nr so put it back in the accumulator.
  EmitLoad(0, program);
 }
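Review bot: The four new `#ifndef` fallbacks (`__NR_migrate_pages` 256, `__NR_move_pages` 279, `__NR_process_vm_readv` 310, `__NR_process_vm_writev` 311) carry no architecture guard, and those values are x86-64 syscall numbers; on a 32-bit or non-x86 build whose headers predate these syscalls, `ApplyNoPtracePolicy` would trap an unrelated syscall and leave the real one reachable through the default-permit renderer filter. The pre-existing `__NR_openat` / `__NR_eventfd2` fallbacks have the same shape, so this may be an accepted x86-64-only assumption, but the ptrace policy now depends on it for safety rather than for convenience. I would make the assumption explicit ahead of the fallbacks: `#if !defined(__x86_64__)` / `#error "The syscall-number fallbacks below are x86-64 values"` / `#endif`, or guard each new fallback with `#if defined(__x86_64__)`.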
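Review bot: `EmitDenySyscall` lacks a comment stating its matching semantics, which matter more for a deny rule than for an allow rule: it compares only the syscall number left in the accumulator (`EmitJEQJF(nr, 1, program)`), inspects no arguments, and on a match returns `SECCOMP_RET_TRAP`, so the calling thread receives SIGSYS rather than an errno. I would add above it: `// Deny syscall |nr| on a number match alone (arguments are not inspected) by` / `// returning SECCOMP_RET_TRAP, which raises SIGSYS in the calling thread.` It would also help to state why TRAP is chosen here over the `SECCOMP_RET_ERRNO` path used by `EmitFailSyscall`, e.g. that a renderer attempting ptrace is treated as compromised rather than given a recoverable failure, if that is the intent.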
@@ -190,10 +219,6 @@ static void EmitFailSyscall(int nr, int err,
  EmitRet(SECCOMP_RET_ERRNO | err, program);
 }
 
-static void EmitTrap(std::vector<struct sock_filter>* program) {
- EmitRet(SECCOMP_RET_TRAP, program);
-}
-
 // TODO(cevans) -- only really works as advertised once we restrict clone()
 // to CLONE_THREAD.
 static void EmitAllowSignalSelf(std::vector<struct sock_filter>* program) {
@@ -333,6 +358,14 @@ static void ApplyFlashPolicy(std::vector<struct sock_filter>* program) {
  EmitSetupEmptyFileSystem(program);
 }
 
+static void ApplyNoPtracePolicy(std::vector<struct sock_filter>* program) {
+ EmitDenySyscall(__NR_ptrace, program);
+ EmitDenySyscall(__NR_process_vm_readv, program);
+ EmitDenySyscall(__NR_process_vm_writev, program);
+ EmitDenySyscall(__NR_migrate_pages, program);
+ EmitDenySyscall(__NR_move_pages, program);
+}
+
 static bool CanUseSeccompFilters() {
  int ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, 0, 0, 0);
  if (ret != 0 && errno == EFAULT)
@@ -378,14 +411,18 @@ void InitializeSandbox() {
 
  if (process_type == switches::kGpuProcess) {
  ApplyGPUPolicy(&program);
+ EmitTrap(&program); // Default deny.
  } else if (process_type == switches::kPpapiPluginProcess) {
  ApplyFlashPolicy(&program);
+ EmitTrap(&program); // Default deny.
+ } else if (process_type == switches::kRendererProcess ||
+ process_type == switches::kWorkerProcess) {
+ ApplyNoPtracePolicy(&program);
+ EmitAllow(&program); // Default permit.
  } else {
  NOTREACHED();
  }
 
- EmitTrap(&program);
-
  InstallSIGSYSHandler();
  InstallFilter(program);
 }
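Review bot: The new renderer/worker branch installs a default-permit filter (`EmitAllow(&program); // Default permit.`) whose only deny rules are syscall-number comparisons, so its strength rests entirely on how the preamble handles `seccomp_data.arch`, which is outside this hunk. If `EmitPreamble` loads just the syscall number without first checking the arch against `AUDIT_ARCH_X86_64` and trapping on mismatch, a renderer can issue syscalls through the 32-bit compat ABI (`int 0x80`), where `ptrace` and `process_vm_*` carry different numbers, and none of the `EmitDenySyscall` rules would match; the fallback numbers added in this change are x86-64 values, so the filter is x86-64-specific either way. Please confirm the arch check exists, and record the dependency at the new branch: `// Number-only deny list; relies on EmitPreamble rejecting foreign-ABI syscalls.` `InitializeSandbox` begins, and its local `program` is built, outside this hunk.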