diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-28 18:46:21 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-28 18:46:21 +0000 |
| commit | 16184b7ada3760e4d2eb832fa9ef97ad734a125e (patch) | |
| tree | 73c62d84365b9c01c5d55db30362abcfd6abc9d8 /net | |
| parent | 04c84bc6d9fdc15a8d49786b28ee2256aaaf50a8 (diff) | |
| download | chromium_src-16184b7ada3760e4d2eb832fa9ef97ad734a125e.zip chromium_src-16184b7ada3760e4d2eb832fa9ef97ad734a125e.tar.gz chromium_src-16184b7ada3760e4d2eb832fa9ef97ad734a125e.tar.bz2 | |
Linux: updates to the SUID sandbox
(patch from Julien Tinnes)
* Light changes to make it compile as C99 code instead of C++ (no
variable declaration inside 'for' loops initialization)
* argc = 0 would lead to memory corruption.
* Now always in CHROME_DEVEL_SANDBOX mode:
+ In the previous mode, the trusted binary was attacker-owned anyway
because of the environment variables, so I believe it was trivial
to bypass the check.
+ Remove check for being owned by current user.
* Move all the tmp dir creation stuff *before* CLONE_FS happens: avoid
doing stuff in a scary environment. I closed the fd in the untrusted
process.
* changed if (st.st_uid || st.st_gid || st.st_mode & S_IWOTH) to if
(st.st_uid || st.st_gid || st.st_mode & 0777)
* Check rmdir/fchown/fchmod return values
* Check snprintf return value x3 (probably useless)
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24758 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions