diff options
author | mostynb@opera.com <mostynb@opera.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-28 12:58:50 +0000 |
---|---|---|
committer | mostynb@opera.com <mostynb@opera.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-28 12:58:50 +0000 |
commit | 2d85936b2c70e99b94d7ea26596a2bf984497530 (patch) | |
tree | c9045a603b0a6b7745a69d3594cb9e2891feb37b /sandbox | |
parent | abf46af310c3f344fcbf27e931b75e0496ffc519 (diff) | |
download | chromium_src-2d85936b2c70e99b94d7ea26596a2bf984497530.zip chromium_src-2d85936b2c70e99b94d7ea26596a2bf984497530.tar.gz chromium_src-2d85936b2c70e99b94d7ea26596a2bf984497530.tar.bz2 |
DPCHECK known conditions when we guess false in CurrentProcessHasOpenDirectories
openat(AT_FDCWD, "/proc/self/fd", ...) can fail if we have been chrooted
(eg into /proc/self/fdinfo) without directory listing permissions on the
new root dir (hence EACCES). And even if we did have this permission,
/proc wouldn't exist (hence ENOENT).
TEST=Make a debug build or a release build with dcheck_always_on=1 and verify that this DPCHECK does not fail.
BUG=314985
Review URL: https://codereview.chromium.org/59763014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@237766 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/linux/services/credentials.cc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc index cea757c..4f041dc2 100644 --- a/sandbox/linux/services/credentials.cc +++ b/sandbox/linux/services/credentials.cc @@ -163,9 +163,15 @@ bool Credentials::HasOpenDirectory(int proc_fd) { } else { proc_self_fd = openat(AT_FDCWD, "/proc/self/fd", O_DIRECTORY | O_RDONLY); if (proc_self_fd < 0) { + // If this process has been chrooted (eg into /proc/self/fdinfo) then + // the new root dir will not have directory listing permissions for us + // (hence EACCES). And if we do have this permission, then /proc won't + // exist anyway (hence ENOENT). + DPCHECK(errno == EACCES || errno == ENOENT) + << "Unexpected failure when trying to open /proc/self/fd: (" + << errno << ") " << strerror(errno); + // If not available, guess false. - // TODO(mostynb@opera.com): add a CHECK_EQ(ENOENT, errno); Figure out what - // other situations are here. http://crbug.com/314985 return false; } } |