| field | value | date |
|---|---|---|
| author | mseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-06 06:00:13 +0000 |
| committer | mseaborn@chromium.org <mseaborn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-06 06:00:13 +0000 |
| commit | 256ff9d0d45e439bb6f641dce50ecf9936e83d89 | |
| tree | 934fda465eae473fb9287299bb84250ea3fb7e83 /webkit/tools/layout_tests | |
| parent | 3e6e82da372f9508e8819f84b03716b698fac2c8 | |
| download | chromium_src-256ff9d0d45e439bb6f641dce50ecf9936e83d89.zip, chromium_src-256ff9d0d45e439bb6f641dce50ecf9936e83d89.tar.gz, chromium_src-256ff9d0d45e439bb6f641dce50ecf9936e83d89.tar.bz2 | |
Disable registration of Breakpad's signal handler for Native Client
This partially undoes r71459.
This fixes a security vulnerability that occurs when the NaCl revision
is updated to r4598 or later. That revision changes NaCl's
sel_main_chrome.c so that it no longer registers a signal handler, but
instead leaves Breakpad's signal handler (registered by Chrome) in
place.
The vulnerability would allow NaCl untrusted code to escape NaCl's
inner sandbox on x86-32 Linux.
This is because although NaCl's signal handler knows how to safely
handle faults from NaCl x86-32 sandboxed code, Breakpad's signal
handler does not. Breakpad's signal handler does not restore %gs.
BUG=http://code.google.com/p/nativeclient/issues/detail?id=1607
TEST=assertion to be added on the NaCl side (http://codereview.chromium.org/6798008/)
Review URL: http://codereview.chromium.org/6677168
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80581 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/tools/layout_tests')
0 files changed, 0 insertions, 0 deletions