author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-09 08:34:53 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-09 08:34:53 +0000 |
commit | 279a51d13b358585d08e54d0939a03fff70b6bdf (patch) | |
tree | 55d3aacbcd870f5b01ddd85ee6dfb9333acabb37 /sandbox | |
parent | 9e3c2684c9358cf8e90e1392ba222da6efc90753 (diff) | |
Linux Sandbox: handle O_CREAT properly in broker process.
We only support the two-parameter form of open() in the broker process, but
we didn't filter out O_CREAT properly.
BUG=168944
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/11778056
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175744 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/linux/services/broker_process.cc | 9 | ||||
-rw-r--r-- | sandbox/linux/services/broker_process_unittest.cc | 5 |
2 files changed, 13 insertions, 1 deletions
diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc
index f51533c..cbd9ece 100644
--- a/sandbox/linux/services/broker_process.cc
+++ b/sandbox/linux/services/broker_process.cc
@@ -67,6 +67,11 @@ bool IsAllowedOpenFlags(int flags) {
 return false;
 }
 
+ // We only support a 2-parameters open, so we forbid O_CREAT.
+ if (flags & O_CREAT) {
+ return false;
+ }
+
 // Some flags affect the behavior of the current process. We don't support
 // them and don't allow them for now.
 if (flags & ForCurrentProcessFlagsMask()) {
@@ -288,7 +293,9 @@ bool BrokerProcess::HandleOpenRequest(int reply_ipc,
 // O_CLOEXEC doesn't hurt (even though we won't execve()), and this
 // property won't be passed to the client.
 // We may want to think about O_NONBLOCK as well.
- int opened_fd = open(file_to_open, flags | O_CLOEXEC);
+ // We're doing a 2-parameter open, so we don't support O_CREAT. It doesn't
+ // hurt to always pass a third argument though.
+ int opened_fd = open(file_to_open, flags | O_CLOEXEC, 0);
 if (opened_fd < 0) {
 write_pickle.WriteInt(-errno);
 } else {
diff --git a/sandbox/linux/services/broker_process_unittest.cc b/sandbox/linux/services/broker_process_unittest.cc
index 7319ae9..e01cc1c5 100644
--- a/sandbox/linux/services/broker_process_unittest.cc
+++ b/sandbox/linux/services/broker_process_unittest.cc
@@ -99,6 +99,11 @@ void TestOpenFilePerms(bool fast_check_in_client) {
 // We have some extra sanity check for clearly wrong values.
 fd = open_broker.Open(kRW_WhiteListed, O_RDONLY|O_WRONLY|O_RDWR);
 EXPECT_EQ(fd, -EPERM);
+
+ // It makes no sense to allow O_CREAT in a 2-parameters open. Ensure this
+ // is denied.
+ fd = open_broker.Open(kRW_WhiteListed, O_RDWR|O_CREAT);
+ EXPECT_EQ(fd, -EPERM);
 }
 
 // Run the same thing twice. The second time, we make sure that no security |
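Review bot: In IsAllowedOpenFlags the new check refuses O_CREAT as a one-off, but the reason given (open() would need a mode argument the broker does not take) is not specific to that one bit; on current kernels O_TMPFILE has the same property. The checks visible here are deny-style (O_CREAT, then ForCurrentProcessFlagsMask()), and whether unrecognised bits are rejected further down is outside this hunk, so that is worth confirming before relying on this filter. I would at least widen the comment to state the rule rather than the instance, e.g. `// open() consumes a mode argument for file-creating flags; the broker has none to pass, so every such flag must be refused here.`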
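Review bot: The comment added above the open() call in HandleOpenRequest says "We're doing a 2-parameter open" while the line under it now passes three arguments, so the text contradicts the code it documents. Suggested wording: `// O_CREAT is expected to be rejected by IsAllowedOpenFlags(); pass mode 0 anyway so a stray O_CREAT could never pick up an indeterminate mode.` The call depends on the flags check having run earlier in the function, which starts outside this hunk; a `DCHECK(!(flags & O_CREAT));` directly before the open() would keep that dependency visible at the point where it matters.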
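Review bot: The added case in TestOpenFilePerms exercises O_CREAT only in combination with O_RDWR, so a regression that let the flag through for another access mode would go unnoticed. Adding `EXPECT_EQ(open_broker.Open(kRW_WhiteListed, O_RDONLY|O_CREAT), -EPERM);` and the O_WRONLY equivalent would pin the rule for every access mode. The assertion also checks only the return value; if kRW_WhiteListed does not exist on disk (its definition is outside this hunk), a follow-up check that the path still does not exist would show that nothing was created as a side effect.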