diff options
| author | tommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-09-10 00:10:00 +0000 |
|---|---|---|
| committer | tommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-09-10 00:10:00 +0000 |
| commit | 2cf51485fb2e0ac5631b9298bf09457ffe6257cc (patch) | |
| tree | e627a95cac9c7338154d321c7b2a5511d8c69a8d /webkit | |
| parent | 68975dc2c01adfe4340bed5ddc121353a4a78044 (diff) | |
| download | chromium_src-2cf51485fb2e0ac5631b9298bf09457ffe6257cc.zip chromium_src-2cf51485fb2e0ac5631b9298bf09457ffe6257cc.tar.gz chromium_src-2cf51485fb2e0ac5631b9298bf09457ffe6257cc.tar.bz2 | |
FileAPIMessageFilter Security: Minimal patch to fix permissions escalation.
Per vandebo's suggestion, this is a minimal fix to the security-hole meant
for backporting/merging.
https://codereview.chromium.org/23760004/ is the long-term fix.
BUG=284792
Review URL: https://chromiumcodereview.appspot.com/23461031
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@222143 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
| -rw-r--r-- | webkit/browser/fileapi/file_permission_policy.cc | 19 | ||||
| -rw-r--r-- | webkit/browser/fileapi/file_permission_policy.h | 2 |
2 files changed, 12 insertions, 9 deletions
diff --git a/webkit/browser/fileapi/file_permission_policy.cc b/webkit/browser/fileapi/file_permission_policy.cc index 1645487..6f1a36c 100644 --- a/webkit/browser/fileapi/file_permission_policy.cc +++ b/webkit/browser/fileapi/file_permission_policy.cc @@ -21,14 +21,17 @@ const int kWriteFilePermissions = base::PLATFORM_FILE_OPEN | const int kCreateFilePermissions = base::PLATFORM_FILE_CREATE; -const int kOpenFilePermissions = base::PLATFORM_FILE_CREATE | - base::PLATFORM_FILE_OPEN_ALWAYS | - base::PLATFORM_FILE_CREATE_ALWAYS | - base::PLATFORM_FILE_OPEN_TRUNCATED | - base::PLATFORM_FILE_WRITE | - base::PLATFORM_FILE_EXCLUSIVE_WRITE | - base::PLATFORM_FILE_DELETE_ON_CLOSE | - base::PLATFORM_FILE_WRITE_ATTRIBUTES; +const int kOpenPepperFilePermissions = base::PLATFORM_FILE_OPEN | + base::PLATFORM_FILE_CREATE | + base::PLATFORM_FILE_OPEN_ALWAYS | + base::PLATFORM_FILE_CREATE_ALWAYS | + base::PLATFORM_FILE_OPEN_TRUNCATED | + base::PLATFORM_FILE_READ | + base::PLATFORM_FILE_WRITE | + base::PLATFORM_FILE_APPEND | + base::PLATFORM_FILE_EXCLUSIVE_WRITE | + base::PLATFORM_FILE_DELETE_ON_CLOSE | + base::PLATFORM_FILE_WRITE_ATTRIBUTES; } // namespace fileapi diff --git a/webkit/browser/fileapi/file_permission_policy.h b/webkit/browser/fileapi/file_permission_policy.h index 3975c3c..5c9ced54 100644 --- a/webkit/browser/fileapi/file_permission_policy.h +++ b/webkit/browser/fileapi/file_permission_policy.h @@ -12,7 +12,7 @@ namespace fileapi { WEBKIT_STORAGE_BROWSER_EXPORT extern const int kReadFilePermissions; WEBKIT_STORAGE_BROWSER_EXPORT extern const int kWriteFilePermissions; WEBKIT_STORAGE_BROWSER_EXPORT extern const int kCreateFilePermissions; -WEBKIT_STORAGE_BROWSER_EXPORT extern const int kOpenFilePermissions; +WEBKIT_STORAGE_BROWSER_EXPORT extern const int kOpenPepperFilePermissions; enum FilePermissionPolicy { // Any access should be always denied. |