| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-28 18:46:21 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-28 18:46:21 +0000 |
| commit | 16184b7ada3760e4d2eb832fa9ef97ad734a125e (patch) | |
| tree | 73c62d84365b9c01c5d55db30362abcfd6abc9d8 /sandbox/sandbox.gyp | |
| parent | 04c84bc6d9fdc15a8d49786b28ee2256aaaf50a8 (diff) | |
Linux: updates to the SUID sandbox
(patch from Julien Tinnes)

* Light changes to make it compile as C99 code instead of C++ (no variable declaration inside 'for' loops initialization)
* argc = 0 would lead to memory corruption.
* Now always in CHROME_DEVEL_SANDBOX mode:
  + In the previous mode, the trusted binary was attacker-owned anyway because of the environment variables, so I believe it was trivial to bypass the check.
  + Remove check for being owned by current user.
* Move all the tmp dir creation stuff *before* CLONE_FS happens: avoid doing stuff in a scary environment. I closed the fd in the untrusted process.
* Changed if (st.st_uid || st.st_gid || st.st_mode & S_IWOTH) to if (st.st_uid || st.st_gid || st.st_mode & 0777)
* Check rmdir/fchown/fchmod return values
* Check snprintf return value x3 (probably useless)

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24758 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/sandbox.gyp')
-rw-r--r-- | sandbox/sandbox.gyp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp index 987dbea..ee7bf85 100644 --- a/sandbox/sandbox.gyp +++ b/sandbox/sandbox.gyp @@ -23,7 +23,7 @@ 'LINUX_SANDBOX_CHROME_PATH="<(linux_sandbox_chrome_path)"', ], 'sources': [ - 'linux/suid/sandbox.cc', + 'linux/suid/sandbox.c', ], 'include_dirs': [ '..', |
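Review bot: the 'sources' entry now names linux/suid/sandbox.c instead of linux/suid/sandbox.cc, but nothing in this hunk pins the C dialect the target is built with; the commit message says the file was reworked to compile as C99 (no declarations inside 'for' initializers), so either confirm the toolchain default for .c files is at least C99 or add an explicit cflag such as -std=c99 to this target, otherwise a compiler defaulting to C89 will reject the remaining C99 constructs. Since the Diffstat is limited to sandbox/sandbox.gyp, the rename of the source file itself is not visible here; the gyp change must land together with the renamed file, or the target will reference a source that does not exist.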