author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-14 19:24:14 +0000 |
---|---|---|
committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-14 19:24:14 +0000 |
commit | 2299212ea4cf56e9e515edfb1e80297c61ee75c0 (patch) | |
tree | 71c289b5556aea2fe8e81b252703dad74ce9c176 /content/common/sandbox_linux.cc | |
parent | 0bd0d643dc8233284373d99b07658a13280bf5df (diff) | |
download | chromium_src-2299212ea4cf56e9e515edfb1e80297c61ee75c0.zip chromium_src-2299212ea4cf56e9e515edfb1e80297c61ee75c0.tar.gz chromium_src-2299212ea4cf56e9e515edfb1e80297c61ee75c0.tar.bz2 |
We only need the larger 16GB RLIMIT_AS for web processes.
BUG=176098
Review URL: https://codereview.chromium.org/12252018
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182509 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_linux.cc')
-rw-r--r-- | content/common/sandbox_linux.cc | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/content/common/sandbox_linux.cc b/content/common/sandbox_linux.cc
index 776e754..ec443ec 100644
--- a/content/common/sandbox_linux.cc
+++ b/content/common/sandbox_linux.cc
@@ -277,25 +277,29 @@ bool LinuxSandbox::LimitAddressSpace(const std::string& process_type) {
   if (command_line->HasSwitch(switches::kNoSandbox)) {
     return false;
   }
+
+  // Limit the address space to 4GB.
+  // This is in the hope of making some kernel exploits more complex and less
+  // reliable. It also limits sprays a little on 64-bit.
+  rlim_t address_space_limit = std::numeric_limits<uint32_t>::max();
 #if defined(__LP64__)
-  // On 64 bits, limit the address space to 16GB. This is in the hope of making
-  // some kernel exploits more complex and less reliable. This limit has to be
-  // very high because V8 and possibly others will reserve memory ranges and
+  // On 64 bits, V8 and possibly others will reserve massive memory ranges and
   // rely on on-demand paging for allocation. Unfortunately, even
   // MADV_DONTNEED ranges count towards RLIMIT_AS so this is not an option.
   // See crbug.com/169327 for a discussion.
-  const rlim_t kNewAddressSpaceMaxSize = 1L << 34;
-#else
-  // On 32 bits, enforce the 4GB limit. On a 64 bits kernel, this could
-  // prevent far calling to 64 bits and abuse the memory allocator to exploit
-  // a kernel vulnerability.
-  const rlim_t kNewAddressSpaceMaxSize = std::numeric_limits<uint32_t>::max();
+  // For now, increase limit to 16GB for renderer and worker processes to
+  // accomodate.
+  if (process_type == switches::kRendererProcess ||
+      process_type == switches::kWorkerProcess) {
+    address_space_limit = 1L << 34;
+  }
 #endif // defined(__LP64__)
+
   // On all platforms, add a limit to the brk() heap that would prevent
   // allocations that can't be index by an int.
   const rlim_t kNewDataSegmentMaxSize = std::numeric_limits<int>::max();
-  bool limited_as = AddResourceLimit(RLIMIT_AS, kNewAddressSpaceMaxSize);
+  bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit);
   bool limited_data = AddResourceLimit(RLIMIT_DATA, kNewDataSegmentMaxSize);
   return limited_as && limited_data;
 #else
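Review bot: On 64-bit the 4GB RLIMIT_AS default now applies to every sandboxed process type except renderer and worker, yet the hunk's own comment says "V8 and possibly others" reserve massive ranges and nothing records which other process types were confirmed to operate within 4GB, so a type missing from the `if (process_type == ...)` list would fail allocations under the tighter limit rather than gain protection from it. I'd make the exemption self-describing next to that check, e.g. `// Process types not listed here must not reserve large virtual ranges; verify before adding a new process type to the sandbox.` (adjusted to whatever was actually checked). The removed `#else` branch carried the rationale for keeping a 32-bit process at 4GB on a 64-bit kernel, and the new "Limit the address space to 4GB" comment does not carry it over, so that sentence is worth restoring so the lower bound is not weakened later as "redundant". Minor: `accomodate` should be `accommodate` in the new comment. LimitAddressSpace opens before this hunk (command_line is defined there) and its `#else` branch continues after it.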