author markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-02-24 02:06:06 +0000
committer markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-02-24 02:06:06 +0000
commit e0a568f4be1e151b4569b25df5c66f80100de98c (patch)
tree 465d7acf48eb9ba7991e668a6af35bc247519198 /sandbox/linux
parent cdf209a4e1c621045cea90a3f4da6f21fdff4fe8 (diff)
Be more restrictive when finding file names for libraries that need patching.

This avoids false positives if the directory name matches one of the well-known library names (e.g. ld). False positives not only result in a performance hit at startup, because we are now trying to instrument libraries that don't actually contain any system calls; but even worse than this, we could try to instrument system calls in the sandboxing code itself. And those system calls are deliberately coded so that they will not get rewritten. Fortunately, none of this is a security problem. If we accidentally rewrite system calls that weren't supposed to be rewritten, we will just crash on startup.

TEST=the sandbox now works on the buildbots
BUG=36133
Review URL: http://codereview.chromium.org/652188

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39839 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'sandbox/linux')
-rw-r--r-- sandbox/linux/seccomp/sandbox.cc 19
1 files changed, 17 insertions, 2 deletions
diff --git a/sandbox/linux/seccomp/sandbox.cc b/sandbox/linux/seccomp/sandbox.cc
index 416502b..ff2b59e 100644
--- a/sandbox/linux/seccomp/sandbox.cc
+++ b/sandbox/linux/seccomp/sandbox.cc
@@ -474,9 +474,24 @@ void Sandbox::startSandbox() {
// Intercept system calls in libraries that are known to have them.
for (Maps::const_iterator iter = maps.begin(); iter != maps.end(); ++iter){
Library* library = *iter;
+ const char* mapping = iter.name().c_str();
+
+ // Find the actual base name of the mapped library by skipping past any
+ // SPC and forward-slashes. We don't want to accidentally find matches,
+ // because the directory name included part of our well-known lib names.
+ //
+ // Typically, prior to pruning, entries would look something like this:
+ // 08:01 2289011 /lib/libc-2.7.so
+ for (const char *delim = " /"; *delim; ++delim) {
+ const char* skip = strrchr(mapping, *delim);
+ if (skip) {
+ mapping = skip + 1;
+ }
+ }
+
for (const char **ptr = libs; *ptr; ptr++) {
- const char *name = strstr(iter.name().c_str(), *ptr);
- if (name) {
+ const char *name = strstr(mapping, *ptr);
+ if (name == mapping) {
char ch = name[strlen(*ptr)];
if (ch < 'A' || (ch > 'Z' && ch < 'a') || ch > 'z') {
if (library->parseElf()) {
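Review bot: in the new delimiter loop (`for (const char *delim = " /"; *delim; ++delim)`), the last space is skipped unconditionally, so a mapping whose file name contains a space after the final slash is cut at that space, and what remains can still begin with one of the well-known names. For example, a file named "foo ld-2.7.so" would be reduced to "ld-2.7.so" and pass the `name == mapping` test. Consider taking the text after the last '/' when one is present and falling back to the last space only when the entry has no slash. Separately, `strstr(mapping, *ptr)` followed by `name == mapping` is a prefix test; `strncmp(mapping, *ptr, strlen(*ptr)) == 0` states that directly and avoids scanning the rest of the string. The added comment would also read more clearly if it said that "SPC" means the space separating the device and inode fields from the path in the example entry.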