path: root/sandbox
Commit message  [Author, Age, Files, Lines]
* Fix compiler error in sandbox util in case exception is enabled.
  [victorw@chromium.org, 2010-06-22, 2 files, -0/+12]
  Add operator delete that matches the placement form of the operator new. This is required by the compiler to generate code to call operator delete in case the object's constructor throws an exception. See http://msdn.microsoft.com/en-us/library/cxdxz3x6.aspx
  R=rvargas
  BUG=none
  TEST=sandbox code compiles if exception is enabled.
  Review URL: http://codereview.chromium.org/2870017
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50486 0039d316-1c4b-4281-b951-d872f2087c98
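The rule this commit relies on, as an added C++ example (not code from the Chromium sandbox): a class whose placement form of operator new takes an allocator tag, together with the matching placement operator delete. That matching delete is the only deallocation function the compiler will call when the constructor throws inside the new-expression; without it the block leaks (MSVC reports C4291). `AllocationType`, `Tracked`, `MakeTracked` and the counters are assumed names for illustration.

```cpp
#include <cstddef>
#include <cstdlib>
#include <new>
#include <stdexcept>

// Assumed tag type for illustration; the sandbox's real allocator tags differ.
enum class AllocationType { kHeap };

// Counters so a caller (or a test) can observe which operator actually ran.
static int g_placement_news = 0;
static int g_placement_deletes = 0;

struct Tracked {
  // A throwing constructor is exactly the case the commit message describes.
  explicit Tracked(int value) {
    if (value < 0) throw std::invalid_argument("negative value");
    value_ = value;
  }
  int value_ = 0;

  // Placement form: selects the allocator by tag instead of using global new.
  static void* operator new(std::size_t size, AllocationType /*type*/) {
    ++g_placement_news;
    return std::malloc(size);
  }
  // Matching placement delete: same parameter list after the void*. The
  // compiler emits a call to it only when the constructor throws inside a
  // new-expression; if it is missing, the memory from the placement new leaks.
  static void operator delete(void* memory, AllocationType /*type*/) {
    ++g_placement_deletes;
    std::free(memory);
  }
  // Ordinary delete for objects that were fully constructed.
  static void operator delete(void* memory) { std::free(memory); }
};

// Returns nullptr when construction fails. The storage is then released by the
// placement delete above (called by the compiler), not by this function.
Tracked* MakeTracked(int value) {
  try {
    return new (AllocationType::kHeap) Tracked(value);
  } catch (const std::invalid_argument&) {
    return nullptr;
  }
}

// Number of placement deletes triggered by one failed construction.
// With the matching operator delete present this is 1; without it, 0 (leak).
int DeletesAfterFailedConstruction() {
  int before = g_placement_deletes;
  Tracked* t = MakeTracked(-1);
  if (t != nullptr) delete t;  // not expected; keeps the example leak-free anyway
  return g_placement_deletes - before;
}
```

Comment out the placement operator delete and rebuild to see the counter stay at 0: the constructor's exception still propagates, but nothing frees the block.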
* FAILS tests should not turn the bot red.
  [vandebo@chromium.org, 2010-06-18, 1 file, -2/+2]
  Revert 50258 - TTF: Reenable some disabled tests.
  DevToolsSanityTest.TestConsoleLog seems to work
  ProxyResolverV8Test.FAILS_ReturnUnicode
  DepTest.FAILS_TestDepDisable
  VectorCanvasTest.FAILS_Matrix
  TEST=none
  BUG=disabled tests
  Review URL: http://codereview.chromium.org/2819011
  TBR=vandebo@chromium.org
  Review URL: http://codereview.chromium.org/2862016
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50261 0039d316-1c4b-4281-b951-d872f2087c98
* TTF: Reenable some disabled tests.
  [vandebo@chromium.org, 2010-06-18, 1 file, -2/+2]
  DevToolsSanityTest.TestConsoleLog seems to work
  ProxyResolverV8Test.FAILS_ReturnUnicode
  DepTest.FAILS_TestDepDisable
  VectorCanvasTest.FAILS_Matrix
  TEST=none
  BUG=disabled tests
  Review URL: http://codereview.chromium.org/2819011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50258 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 49982 - patch
  [thakis@chromium.org, 2010-06-16, 1 file, -2/+2]
  TBR=thakis@chromium.org
  Review URL: http://codereview.chromium.org/2825006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50002 0039d316-1c4b-4281-b951-d872f2087c98
* patch
  [thakis@chromium.org, 2010-06-16, 1 file, -2/+2]
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49982 0039d316-1c4b-4281-b951-d872f2087c98
* Rename Chrome threads to use a "Cr" prefix.
  [evan@chromium.org, 2010-06-09, 1 file, -1/+1]
  Before we carefully used the app (Chrome/Chromium) name, but:
  1) these are for internal debugging use only, so why compute this name
  2) on Linux the thread ids are limited to 16 characters, and "Chromium" is too long
  Review URL: http://codereview.chromium.org/2741003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49296 0039d316-1c4b-4281-b951-d872f2087c98
* Use DISALLOW_COPY_AND_ASSIGN instead of DISALLOW_EVIL_CONSTRUCTORS in sandbox directory.
  [tfarina@chromium.org, 2010-06-05, 23 files, -51/+51]
  BUG=None
  TEST=trybots
  Review URL: http://codereview.chromium.org/2643003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49010 0039d316-1c4b-4281-b951-d872f2087c98
* Implement most of the ridealong fixes/cleanups I suggested during review for enabling warn-on-signed-versus-unsigned-equality-comparisons on Windows.
  [pkasting@chromium.org, 2010-06-01, 2 files, -9/+9]
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/2395001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48666 0039d316-1c4b-4281-b951-d872f2087c98
* Enable warning 4389 as an error on windows builds. This will make windows builds more similar to linux/mac, which already treat signed/unsigned equality comparisons as warnings (and hence errors).
  [mbelshe@chromium.org, 2010-05-27, 5 files, -39/+39]
  BUG=44471
  TEST=none
  Review URL: http://codereview.chromium.org/2222002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48395 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Another dependency the bbot missed!!!"
  [rafaelw@chromium.org, 2010-05-26, 5 files, -39/+39]
  This reverts commit 161f7fd3bdd425167af9fe26fdc5373a2ff44c98.
  Revert "Missed a file as part of checkin for r48186"
  This reverts commit cff86beba5938209393a6c3bccced62a7f3ff36b.
  Revert "Enable warning 4389 as an error on windows builds. This will make"
  This reverts commit c78936bcfc65b98edf288191d927a495b0364621.
  TBR=mbelshe
  Review URL: http://codereview.chromium.org/2253001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48238 0039d316-1c4b-4281-b951-d872f2087c98
* Enable warning 4389 as an error on windows builds. This will make windows builds more similar to linux/mac, which already treat signed/unsigned equality comparisons as warnings (and hence errors).
  [mbelshe@chromium.org, 2010-05-25, 5 files, -39/+39]
  BUG=44471
  TEST=none
  Review URL: http://codereview.chromium.org/2081007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48186 0039d316-1c4b-4281-b951-d872f2087c98
* Seccomp sandbox: Add Gyp rules for building the test suite
  [mseaborn@chromium.org, 2010-05-24, 1 file, -0/+30]
  This should work both standalone and inside the Chromium build.
  I have not included an action for running the tests, since having such an action does not seem to be common in the Chromium build.
  BUG=none
  TEST=seccomp_tests
  Review URL: http://codereview.chromium.org/2165001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48043 0039d316-1c4b-4281-b951-d872f2087c98
* Add NEWNS and NEWNET to the SUID sandbox.
  [agl@chromium.org, 2010-05-24, 1 file, -15/+30]
  This patch attempts to fork off the sandboxed process with the additional NEWNS and NEWNET flags. If these flags aren't supported at runtime then the code will degrade to the current behaviour.
  NEWNS starts children in a new mount namespace so that they cannot affect the parent's mounts. (This is a little bit useless, but every little helps.)
  NEWNET starts children in a new network space, initially with no network devices and this stops sandboxed processes from talking to the network. Additionally, children exist in their own namespaces for UNIX domain sockets and the abstract namespace.
  http://codereview.chromium.org/2108020/show
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48040 0039d316-1c4b-4281-b951-d872f2087c98
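Added C++ example of the fallback the message describes; this is not the SUID sandbox's own code. It attempts clone() with CLONE_NEWNS | CLONE_NEWNET, falls back to a plain fork when the kernel refuses the flags, and then has the child report whether it really landed in a new network namespace. Beyond what the commit says, the example also degrades on EPERM (no CAP_SYS_ADMIN in the current user namespace) so that it runs unprivileged; `SpawnSandboxed`, `RawClone`, `NetNsId` and `CheckNetworkIsolation` are assumed names.

```cpp
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <sched.h>
#include <signal.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <string>

// What the spawn ended up with: the child pid and the namespace flags that
// actually took effect (0 when the kernel, or our privileges, did not allow them).
struct SpawnResult {
  pid_t pid;
  int ns_flags;
  int error;  // errno when even the plain fork failed
};

// fork()-like raw clone: a null child stack means the child runs on a copy of
// the parent's stack, exactly as fork() does; SIGCHLD is the exit signal. The
// remaining arguments are all zero, so the per-architecture argument order of
// clone(2) does not matter here.
static pid_t RawClone(int flags) {
  return static_cast<pid_t>(syscall(
      SYS_clone, static_cast<unsigned long>(flags) | SIGCHLD, 0L, 0L, 0L, 0L));
}

// Tries clone() with the requested namespace flags and degrades to a plain
// fork when the kernel rejects them. EINVAL is the case from the commit (older
// kernel without the flag); EPERM (no CAP_SYS_ADMIN) is an extra fallback added
// here. Callers must inspect ns_flags: silently losing isolation is exactly
// what a sandbox must not do.
SpawnResult SpawnSandboxed(int wanted_ns_flags, int (*child_main)()) {
  SpawnResult r = {-1, 0, 0};
  int flags = wanted_ns_flags;
  for (;;) {
    pid_t pid = RawClone(flags);
    if (pid == 0) {
      _exit(child_main());  // child: never return into the caller's frame
    }
    if (pid > 0) {
      r.pid = pid;
      r.ns_flags = flags;
      return r;
    }
    if (flags != 0 && (errno == EINVAL || errno == EPERM)) {
      flags = 0;  // degrade once, then retry as a plain fork
      continue;
    }
    r.error = errno;
    return r;
  }
}

// Identity of the caller's network namespace, e.g. "net:[4026531992]";
// empty on kernels without /proc/PID/ns links.
static std::string NetNsId() {
  char buf[64];
  ssize_t n = readlink("/proc/self/ns/net", buf, sizeof(buf) - 1);
  if (n < 0) return std::string();
  return std::string(buf, static_cast<size_t>(n));
}

static std::string g_parent_netns;  // filled in before cloning; inherited by the child

// Child exit status: 0 if it is in a fresh network namespace, 1 if it still
// shares the parent's, 2 if namespace ids are not observable on this kernel.
static int ChildReportNetNs() {
  if (g_parent_netns.empty()) return 2;
  return NetNsId() == g_parent_netns ? 1 : 0;
}

// Runs the experiment and returns 1 when the child's observation agrees with
// the flags SpawnSandboxed reports, 0 when they disagree, -1 when no child
// could be created at all.
int CheckNetworkIsolation() {
  g_parent_netns = NetNsId();
  SpawnResult r = SpawnSandboxed(CLONE_NEWNS | CLONE_NEWNET, ChildReportNetNs);
  if (r.pid < 0) return -1;
  int status = 0;
  if (waitpid(r.pid, &status, 0) != r.pid || !WIFEXITED(status)) return 0;
  int seen = WEXITSTATUS(status);
  if (seen == 2) return 1;  // nothing observable, nothing to contradict
  bool child_isolated = (seen == 0);
  bool flags_say_isolated = (r.ns_flags & CLONE_NEWNET) != 0;
  return child_isolated == flags_say_isolated ? 1 : 0;
}

int main() {
  int ok = CheckNetworkIsolation();
  std::printf("network isolation check: %s\n", ok == 1 ? "consistent" : "FAILED");
  return ok == 1 ? 0 : 1;
}
```

Run it as root and the child lands in an empty network namespace; run it unprivileged and `ns_flags` comes back 0. The value worth keeping from this is that second signal: a SUID helper that continues after EPERM has quietly dropped the protection the flags were meant to add, so a real broker should fail closed there rather than fall back.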
* Remove a possible race in the SUID sandbox (minor)
  [agl@chromium.org, 2010-05-20, 1 file, -7/+18]
  The SUID sandbox can be used to set the oom_adj value for non-dumpable processes owned by the same user. When doing so, we previously first checked the directory owner and then opened the oom_adj file. In between the check and the open, the process could have died and another process could have taken that PID value. We would then adjust the OOM value of the wrong process.
  Given how PIDs are allocated, this is very hard to exploit and, even then, a minor security issue at best, but we can avoid the issue entirely with openat.
  http://codereview.chromium.org/2118007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47801 0039d316-1c4b-4281-b951-d872f2087c98
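Added C++ example of the openat() approach, not the sandbox's own AdjustOOMScore: open the /proc/<pid> directory first, check ownership with fstat() on that handle, then openat() the file relative to it. A /proc/<pid> directory handle is bound to that particular process, so if the process exits and the PID is reused, the openat() fails instead of silently hitting the newcomer. `OpenProcFileChecked`, `ReadOomScoreAdj` and `WriteOomScoreAdj` are assumed names, and the file used is today's oom_score_adj rather than the oom_adj of 2010.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstdlib>

// Opens /proc/<pid>/<name>, but only after verifying on an already-open
// directory handle that /proc/<pid> belongs to expected_uid. Returns a file
// descriptor or -errno. Re-resolving the path for the second open is what
// created the check-then-open window; openat() on the pinned directory fd
// closes it.
int OpenProcFileChecked(pid_t pid, uid_t expected_uid, const char* name, int oflags) {
  char dir[32];
  std::snprintf(dir, sizeof(dir), "/proc/%ld", static_cast<long>(pid));
  int dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (dirfd < 0) return -errno;

  struct stat st;
  if (fstat(dirfd, &st) != 0) {  // fstat on the handle, never stat() on the path
    int e = errno;
    close(dirfd);
    return -e;
  }
  if (st.st_uid != expected_uid) {
    close(dirfd);
    return -EPERM;  // policy (assumed): only touch processes owned by expected_uid
  }
  int fd = openat(dirfd, name, oflags | O_CLOEXEC);
  int e = errno;
  close(dirfd);  // the file fd stays valid; the directory handle is no longer needed
  return fd < 0 ? -e : fd;
}

// Reads oom_score_adj of pid through the checked path into *value.
// Returns 0 or -errno (the value itself is returned separately because valid
// scores, -1000..1000, overlap with -errno codes).
int ReadOomScoreAdj(pid_t pid, uid_t expected_uid, int* value) {
  int fd = OpenProcFileChecked(pid, expected_uid, "oom_score_adj", O_RDONLY);
  if (fd < 0) return fd;
  char buf[32];
  ssize_t n = read(fd, buf, sizeof(buf) - 1);
  int e = errno;
  close(fd);
  if (n < 0) return -e;
  if (n == 0) return -EIO;
  buf[n] = '\0';
  *value = static_cast<int>(std::strtol(buf, nullptr, 10));
  return 0;
}

// Writes value to oom_score_adj of pid through the same checked path.
// Returns 0 or -errno. Lowering the score below its minimum needs
// CAP_SYS_RESOURCE, which is why the original lived in a SUID helper.
int WriteOomScoreAdj(pid_t pid, uid_t expected_uid, int value) {
  int fd = OpenProcFileChecked(pid, expected_uid, "oom_score_adj", O_WRONLY);
  if (fd < 0) return fd;
  char buf[16];
  int len = std::snprintf(buf, sizeof(buf), "%d", value);
  ssize_t n = write(fd, buf, static_cast<size_t>(len));
  int e = errno;
  close(fd);
  return n == len ? 0 : -e;
}
```

The ownership check is on the directory, not the file, because for a non-dumpable process the files under /proc/<pid> are root-owned; which uid the helper should accept is policy and is only assumed here.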
* seccomp sandbox: Split source file list into a separate .gyp file
  [mseaborn@chromium.org, 2010-05-20, 2 files, -52/+67]
  The intention behind this is to make it easier to sync the .gyp file into the non-Chromium copy of the seccomp sandbox so that it can be used to build a standalone version of the sandbox.
  Also, it arguably makes the .gyp files more manageable.
  Removes a dependency on "base", which the seccomp sandbox does not use.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/1939002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47792 0039d316-1c4b-4281-b951-d872f2087c98
* Add support for calling {rt_,}sigaction(), and for invoking signal handlers from within the sandbox.
  [markus@chromium.org, 2010-05-18, 10 files, -66/+625]
  Added tests for the new functionality and merged the tests for sigreturn() that had previously been committed to the standalone version of the sandbox (on Google Code)
  TEST=run "make test"
  BUG=37728
  Review URL: http://codereview.chromium.org/2074003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47561 0039d316-1c4b-4281-b951-d872f2087c98
* seccomp sandbox: Add tests for signal handling
  [mseaborn@chromium.org, 2010-05-18, 1 file, -3/+145]
  Test that signal handlers can be run OK. This tests the support for sigreturn() (that involves patching the VDSO) that was added in r76 of the non-Chromium version of the sandbox.
  Test that signal masks can be set and read. This tests the sigprocmask() support that was added in r70.
  Add a mechanism for checking that a test exits with an expected non-zero exit status, such as SIGSEGV.
  BUG=none
  TEST=test_syscalls
  Review URL: http://codereview.chromium.org/2087013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47541 0039d316-1c4b-4281-b951-d872f2087c98
* GYP changes for FreeBSD and OpenBSD
  [pvalchev@google.com, 2010-05-14, 1 file, -0/+9]
  Review URL: http://codereview.chromium.org/1480002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47327 0039d316-1c4b-4281-b951-d872f2087c98
* Prevent FPU state corruption by directly creating the signal frame on the stack of the newly created thread, instead of creating it on the caller's stack and copying it over.
  [markus@chromium.org, 2010-05-11, 4 files, -69/+56]
  This eliminates the need to do complicated touch-ups of the signal stack's data structure, which turned out to be incorrect for the FPU state.
  Thanks to Mark Seaborn for pointing out this simplification of the code.
  TEST=Chrome no longer crashes in tcmalloc
  BUG=none
  Review URL: http://codereview.chromium.org/2051005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@46928 0039d316-1c4b-4281-b951-d872f2087c98
* Add a couple more tests
  [markus@chromium.org, 2010-04-28, 1 file, -7/+126]
  These tests were useful for debugging reference_trusted_thread.cc.
  Test an easily-forwarded system call, dup().
  Also test clone() directly, in addition to testing it indirectly via pthread_create().
  Check for leaked FDs.
  Change the test runner to run all tests, even if one fails, rather than stopping at the first failed test.
  Review URL: http://codereview.chromium.org/1750014
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/1756015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45806 0039d316-1c4b-4281-b951-d872f2087c98
* Correctly align memory allocations in the case where we need to allocate memory as far away from the stack as possible, but still as close to the VDSO as we can.
  [markus@chromium.org, 2010-04-28, 1 file, -1/+4]
  BUG=none
  TEST=run the tests in a tight loop and notice that they no longer randomly fail
  Review URL: http://codereview.chromium.org/1807002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45775 0039d316-1c4b-4281-b951-d872f2087c98
* Added support for sigreturn() and rt_sigreturn().
  [markus@chromium.org, 2010-04-28, 5 files, -127/+239]
  On x86-32, this is complicated by the fact that in Seccomp mode, we can only ever call sigreturn(). But in order to eventually support sigaction(), we want to be able to also call rt_sigreturn(). We solve this problem by rewriting the signal stack frame from an RT signal frame to a legacy frame. Fortunately, this part of the signal frame is stable between kernel versions. The unstable part (i.e. extended registers such as FP, MMX, SSE, ...) is always identical in both types of signal frames.
  None of these complications exist on x86-64 and it is relatively straightforward to enable support for the system call. The only difficulty lies in the fact that its calling conventions are somewhat different from "normal" system calls. So, we have to handle rt_sigreturn() from within the syscallWrapper() and the segv() handler and cannot write it in C code.
  TEST=ad hoc testing until we have support for sigaction(). Then we can add a unittest
  BUG=37728
  Review URL: http://codereview.chromium.org/1739011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45774 0039d316-1c4b-4281-b951-d872f2087c98
* Merged Mark Seaborn's changes:
  [markus@chromium.org, 2010-04-22, 18 files, -76/+427]
  Add some automated tests for seccomp-sandbox
  This covers some of the syscalls that are proxied by the trusted process. This adds a basic test runner framework.
  Fix error return code for open() and other syscalls on x86-64
  On error, the open() syscall was returning errno & 0xffffffff in %rax on x86-64 instead of -errno. This stops glibc from regarding this as an error, and so its syscall wrapper returns -errno instead of -1 and does not set errno.
  I have fixed up the other syscalls to use long (64-bit) instead of int (32-bit) as well. Not all of them were affected by the problem: it depends on gcc's code generation. Sometimes casting to int truncates a value, sometimes it doesn't. It seems better to be consistent though.
  Adds a test for open() and some other syscalls.
  TODO: Need to figure out how to run the tests automatically
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/1729003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45379 0039d316-1c4b-4281-b951-d872f2087c98
* Make the use of signals inside of the sandbox safe.
  [markus@chromium.org, 2010-04-20, 12 files, -409/+965]
  We previously assumed that no signals would ever be enabled in the sandbox and thus there was no way to trick the trusted thread into executing potentially untrusted code.
  In an attempt to lift this restriction, this changelist modifies the trusted thread so that
  - it has an invalid stack pointer at all times. Any attempt to handle a signal would result in the kernel trying to push a signal stack, which would immediately result in a SEGV and then terminate the application.
  - all signals are blocked while outside of trusted code. If a signal is triggered, it either gets handled on one of the sandboxed threads (for asynchronous signals), or it results in the application getting terminated by the kernel (for synchronous signals).
  This changelist is difficult not only because eliminating all uses of the stack pointer requires some very careful assembly coding, but more importantly because we have to restore signals after we enter seccomp mode. As sigprocmask() is a restricted system call, the only way to restore the signal mask is by calling sigreturn() with a suitably tweaked signal stack frame.
  While the first couple of bytes of the signal stack frame are well-defined and unlikely to change, the entire signal stack frame is not documented as part of the stable ABI. The exact format depends on the number of modified CPU registers (e.g. SSE, MMX, floating point, ...) The only way for us to get a valid signal stack frame is to trigger a signal, and to create a (possibly adjusted) copy of the signal frame. We obviously have to do this _before_ we block all signals upon entering trusted code.
  The two places where this needs to happen is upon start of the sandbox when launching the initial trusted thread, and upon any call to clone().
  BUG=37728
  TEST=Run chrome and verify that /proc/$PID/status shows the correct signal mask for trusted threads. The latter can be identified with strace.
  Review URL: http://codereview.chromium.org/1594040
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45055 0039d316-1c4b-4281-b951-d872f2087c98
* SELinux: add basic policy.
  [agl@chromium.org, 2010-04-19, 3 files, -0/+53]
  This patch removes the chromium_zygote_t type and adds a chromium_renderer_t type. Also, a basic policy for chromium_renderer_t is included.
  I decided not to try to have a different policy for the zygote since it just makes things more complex for little reason.
  BUG=none
  TEST=none
  http://codereview.chromium.org/1104002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44908 0039d316-1c4b-4281-b951-d872f2087c98
* Fix SELinux warnings when running on Fedora.
  [markus@chromium.org, 2010-03-30, 1 file, -3/+3]
  (c.f. http://people.redhat.com/drepper/selinux-mem.html)
  Fix compilation warnings on Fedora.
  BUG=none
  TEST=when running Chrome on Fedora, verify that we don't get AVC warnings
  Review URL: http://codereview.chromium.org/1535004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43107 0039d316-1c4b-4281-b951-d872f2087c98
* Update/add copyright headers.
  [markus@chromium.org, 2010-03-29, 3 files, -30/+13]
  BUG=32501
  TEST=none
  Review URL: http://codereview.chromium.org/1574001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42992 0039d316-1c4b-4281-b951-d872f2087c98
* linux: turn on -Wextra
  [evan@chromium.org, 2010-03-26, 7 files, -22/+22]
  This is a followup to an earlier change (r38266) which did most of the warning-related cleanup. This one just flips the flag, and fixes some new warnings that crept in during the window while the flag was off.
  Second try, now with some libpng fixes.
  BUG=34160
  Review URL: http://codereview.chromium.org/1320011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42700 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "linux: turn on -Wextra"
  [evan@chromium.org, 2010-03-25, 7 files, -22/+22]
  Compiled locally and on trybots but failed on builder?!
  This reverts commit r42688.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42689 0039d316-1c4b-4281-b951-d872f2087c98
* linux: turn on -Wextra
  [evan@chromium.org, 2010-03-25, 7 files, -22/+22]
  This is a followup to an earlier change (r38266) which did most of the warning-related cleanup. This one just flips the flag, and fixes some new warnings that crept in during the window while the flag was off.
  BUG=34160
  Review URL: http://codereview.chromium.org/597023
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42688 0039d316-1c4b-4281-b951-d872f2087c98
* Fix a few more places where we need to use our own allocator.
  [markus@chromium.org, 2010-03-25, 2 files, -5/+19]
  Make tcmalloc compatible with the seccomp sandbox by avoiding making direct system calls from within tcmalloc.
  BUG=38973
  TEST=none
  Review URL: http://codereview.chromium.org/1294001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42667 0039d316-1c4b-4281-b951-d872f2087c98
* Fix the POC and some of the unit tests to be built and run correctly in 64 bit.
  [nsylvain@chromium.org, 2010-03-23, 6 files, -34/+30]
  BUG=27218
  Review URL: http://codereview.chromium.org/1168002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42392 0039d316-1c4b-4281-b951-d872f2087c98
* Add #include to fix compile errors on "Linux Perf (webkit.org)" bot.
  [yutak@chromium.org, 2010-03-18, 1 file, -0/+1]
  TBR=markus
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/1107001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41931 0039d316-1c4b-4281-b951-d872f2087c98
* Add a first version of a tool for analyzing performance data output by the sandbox.
  [markus@chromium.org, 2010-03-18, 2 files, -0/+197]
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/1076001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41917 0039d316-1c4b-4281-b951-d872f2087c98
* Compute and print the time that it takes to execute system calls.
  [markus@chromium.org, 2010-03-18, 20 files, -84/+327]
  This data is going to be skewed slightly, as calling gettimeofday() by itself also takes a little bit of time. But it should be good enough to allow us to see where we have performance bottlenecks.
  TEST=none
  BUG=none
  Review URL: http://codereview.chromium.org/997009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41905 0039d316-1c4b-4281-b951-d872f2087c98
* Marked UnloadDllTest.UnloadAviCapDllWithPatching as flaky.
  [glider@chromium.org, 2010-03-17, 1 file, -1/+1]
  TBR=cpu
  Review URL: http://codereview.chromium.org/1002009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41832 0039d316-1c4b-4281-b951-d872f2087c98
* Third change to port sandbox to 64 bits
  [cpu@chromium.org, 2010-03-16, 5 files, -35/+28]
  - Enable registry, file and event policy
  - Now sbox_integration_tests.exe runs and all tests pass
  BUG=27218
  TEST=included
  Review URL: http://codereview.chromium.org/992003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41673 0039d316-1c4b-4281-b951-d872f2087c98
* Re-land second sandbox round of changes
  [cpu@chromium.org, 2010-03-13, 20 files, -172/+351]
  - broke integration tests
  See http://codereview.chromium.org/757001
  BUG=27218
  TEST=included
  No change in the original files. The only changes are in the files:
  sandbox/src/registry_dispatcher.cc
  sandbox/src/registry_dispatcher.h
  sandbox/src/filesystem_dispatcher.cc
  Because now even in 32 bits the handles map to void pointers
  Review URL: http://codereview.chromium.org/873006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41523 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 41481 - Second round of sbox changes for 64 bit port
  [ericu@google.com, 2010-03-12, 17 files, -340/+155]
  Handling pointer sized items
  Beefing up unit tests
  Beefing up integration tests
  Enabling Process, Thread and Token IPCs
  Making validation tests compile again
  BUG=27218
  TEST= unit tests included
  Review URL: http://codereview.chromium.org/757001
  TBR=cpu@chromium.org
  Review URL: http://codereview.chromium.org/871008
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41491 0039d316-1c4b-4281-b951-d872f2087c98
* Second round of sbox changes for 64 bit port
  [cpu@chromium.org, 2010-03-12, 17 files, -155/+340]
  - Handling pointer sized items
  - Beefing up unit tests
  - Beefing up integration tests
  - Enabling Process, Thread and Token IPCs
  - Making validation tests compile again
  BUG=27218
  TEST= unit tests included
  Review URL: http://codereview.chromium.org/757001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41481 0039d316-1c4b-4281-b951-d872f2087c98
* Fix warning that is now an error.
  [craig.schlenter@chromium.org, 2010-03-10, 1 file, -2/+1]
  C:\b\slave\chromium-rel-xp\build\src\sandbox\src\sandbox.cc(16) : warning C4010: single-line comment contains line-continuation character
  Review URL: http://codereview.chromium.org/788003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41164 0039d316-1c4b-4281-b951-d872f2087c98
* Make sandbox code compile as "chromium_code".
  [craig.schlenter@chromium.org, 2010-03-10, 2 files, -2/+6]
  This sets up useful flags like -Wall -Werror etc.
  Also squash a compiler warning:
  sandbox/linux/suid/process_util_linux.c: In function 'AdjustOOMScore':
  sandbox/linux/suid/process_util_linux.c:25: error: format '%lu' expects type 'long unsigned int', but argument 4 has type 'pid_t'
  BUG=none
  TEST=try-servers
  Review URL: http://codereview.chromium.org/733001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41161 0039d316-1c4b-4281-b951-d872f2087c98
* Added missing copyright header.
  [markus@chromium.org, 2010-03-08, 22 files, -0/+88]
  BUG=32501
  TEST=none
  Review URL: http://codereview.chromium.org/672011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40946 0039d316-1c4b-4281-b951-d872f2087c98
* - Add a custom allocator for STL objects. This fixes sandbox failures that were observed on some machines (in particular in 32bit mode).
  [markus@chromium.org, 2010-03-08, 13 files, -218/+643]
  - Some more changes to avoid calling into glibc when we can make a direct system call, instead. These particular call sites were unlikely to cause any problems. But it makes the code easier to audit if we avoid all unnecessary calls into glibc.
  - In 64bit mode, gettimeofday() is handled by vsyscalls and tends to be cheap. In 32bit mode, it is just a regular system call. Some users rely on being able to call gettimeofday() at a very high rate (up to thousands of consecutive calls). Recognize this system call pattern and optimize for it.
  - Add debugging option that allows us to warn about expensive system calls. In many cases, these warnings can then be used to optimize the sandboxed application.
  - Fix compilation on newer versions of gcc.
  - Changed the x86-32 version of the code that we use when intercepting system calls. Previously, we would use CALL to jump to the set of instructions that we had relocated. But we made the mistake of allowing relocation of instructions that reference %esp. This doesn't work, as CALL modifies the stack. We now avoid using CALL and instead jump directly. On x86-32 that requires the use of a PUSH/RET combination as there is no 32bit wide JMP instruction. The x86-64 version of the code was already written in a way that would avoid this particular problem. (I would like to thank Craig Schlenter for his exceptional detective work in tracking down the root cause of this bug!)
  - For debugging purposes, injected a really small library (less than 4kB) and discovered that some of our memory map manipulations implicitly relied on mappings to be at least two pages long. Fixed the code that made this incorrect assumption.
  - For really small libraries, the runtime linker can choose a different more compact layout. Our computation of the ASR offset did not know how to deal with that. Fixed by explicitly looking for a ".text" segment instead of looking for a PT_DYNAMIC section.
  - Closed a file descriptor that we kept open longer than needed.
  - Removed some unused code.
  - Added copyright headers
  TEST=tested on i386 and x86-64
  BUG=36133
  Review URL: http://codereview.chromium.org/661438
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40900 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Add code for all the interceptors.
  [rvargas@google.com, 2010-03-05, 5 files, -14/+317]
  Still waiting for IPC to be able to test anything.
  BUG=27218
  TEST=none
  Review URL: http://codereview.chromium.org/669128
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40700 0039d316-1c4b-4281-b951-d872f2087c98
* Porting sbox IPC to 64 bit
  [cpu@chromium.org, 2010-03-03, 9 files, -49/+65]
  - IPC unit tests enabled
  - Integration IPCTest test enabled
  - All unit test pass (62 tests)
  Other tests require interceptor fu.
  BUG=27218
  TEST= unit tests included
  Review URL: http://codereview.chromium.org/661299
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40485 0039d316-1c4b-4281-b951-d872f2087c98
* Be more restrictive when finding file names for libraries that need patching.
  [markus@chromium.org, 2010-02-24, 1 file, -2/+17]
  This avoids false positives if the directory name matches one of the well-known library names (e.g. ld). False positives not only result in a performance hit at startup, because we are now trying to instrument libraries that don't actually contain any system calls; but even worse than this, we could try to instrument system calls in the sandboxing code itself. And those system calls are deliberately coded so that they will not get rewritten.
  Fortunately, none of this is a security problem. If we accidentally rewrite system calls that weren't supposed to be rewritten, we will just crash on startup.
  TEST=the sandbox now works on the buildbots
  BUG=36133
  Review URL: http://codereview.chromium.org/652188
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39839 0039d316-1c4b-4281-b951-d872f2087c98
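Added C++ example (not the seccomp sandbox's own maps scanner) of the loose versus strict matching this commit contrasts, run over a constructed /proc/self/maps sample: substring matching on the whole path picks up a build directory containing "ld" and an unrelated libcrypto, while matching on the basename with the library name followed by "-" or "." picks up only the loader, libc and libpthread. `MapsPathname`, `LooseMatch`, `StrictMatch`, `LibrariesToPatch`, `SampleMaps` and the `kPatchedLibraries` list are assumptions for illustration.

```cpp
#include <string>
#include <vector>

// Libraries whose system call instructions get rewritten (assumed list for
// illustration; the real set lives in the sandbox's maps-scanning code).
static const char* const kPatchedLibraries[] = {"ld", "libc", "libpthread"};

// Extracts the pathname column from one /proc/self/maps line, or "" for an
// anonymous mapping. Columns: address perms offset dev inode [pathname].
std::string MapsPathname(const std::string& line) {
  size_t pos = 0;
  for (int field = 0; field < 5; ++field) {  // skip the five fixed columns
    pos = line.find_first_not_of(' ', pos);
    if (pos == std::string::npos) return "";
    pos = line.find(' ', pos);
    if (pos == std::string::npos) return "";
  }
  pos = line.find_first_not_of(' ', pos);
  return pos == std::string::npos ? "" : line.substr(pos);
}

// Loose match (the behaviour the commit fixes): any occurrence of a library
// name anywhere in the full path counts, so "/home/build/..." matches "ld".
bool LooseMatch(const std::string& path) {
  for (const char* name : kPatchedLibraries) {
    if (path.find(name) != std::string::npos) return true;
  }
  return false;
}

// Strict match: look at the basename only, and require the library name to be
// followed by "-" or "." (ld-2.11.1.so, libc-2.11.1.so, libc.so.6), so directory
// names and look-alikes such as libcrypto.so do not qualify.
bool StrictMatch(const std::string& path) {
  size_t slash = path.rfind('/');
  std::string base = slash == std::string::npos ? path : path.substr(slash + 1);
  for (const char* name : kPatchedLibraries) {
    std::string n(name);
    if (base.compare(0, n.size(), n) != 0) continue;
    if (base.size() > n.size() && (base[n.size()] == '-' || base[n.size()] == '.')) {
      return true;
    }
  }
  return false;
}

// Decides which file-backed mappings from a maps listing would be instrumented.
std::vector<std::string> LibrariesToPatch(const std::vector<std::string>& maps_lines,
                                          bool strict) {
  std::vector<std::string> out;
  for (const std::string& line : maps_lines) {
    std::string path = MapsPathname(line);
    if (path.empty() || path[0] != '/') continue;  // anonymous, [heap], [vdso], [stack]
    if (strict ? StrictMatch(path) : LooseMatch(path)) out.push_back(path);
  }
  return out;
}

// Constructed /proc/self/maps sample (not captured from a real system).
const std::vector<std::string>& SampleMaps() {
  static const std::vector<std::string> lines = {
      "08048000-08049000 r-xp 00000000 08:01 1234  /home/build/ld-tests/out/chrome",
      "b7e00000-b7f40000 r-xp 00000000 08:01 2345  /lib/libc-2.11.1.so",
      "b7f50000-b7f60000 r-xp 00000000 08:01 3456  /lib/ld-2.11.1.so",
      "b7f70000-b7f80000 r-xp 00000000 08:01 4567  /usr/lib/libcrypto.so.0.9.8",
      "b7f90000-b7fa0000 r-xp 00000000 08:01 5678  /opt/chrome/libseccomp_sandbox.so",
      "b7fb0000-b7fc0000 r-xp 00000000 08:01 6789  /lib/libpthread-2.11.1.so",
      "bffe0000-c0000000 rw-p 00000000 00:00 0     [stack]",
  };
  return lines;
}
```

With the loose rule the binary under /home/build and libcrypto are queued for patching; with the strict rule only libc, the loader and libpthread are. The sandbox's own library stays out under both rules here, but, as the message notes, a directory name alone was enough to pull it in before the fix.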
* Explicitly ask for unsigned values when comparing addresses.
  [markus@chromium.org, 2010-02-24, 1 file, -2/+2]
  Not only is this code hard to understand (and possibly broken) otherwise, some versions of GCC complain about the comparison without the cast.
  TEST=none
  BUG=none
  Review URL: http://codereview.chromium.org/657034
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39838 0039d316-1c4b-4281-b951-d872f2087c98
* Treat calls to lstat() and lstat64() the same as calls to stat().
  [markus@chromium.org, 2010-02-24, 3 files, -17/+72]
  In practice, this means the calls will still be denied. But we now return a correct return code.
  But more importantly, this change brings the source code in line with the code of the stand-alone opensource sandbox. Wherever possible, we try to keep both code bases identical.
  TEST=none
  BUG=none
  Review URL: http://codereview.chromium.org/657040
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39837 0039d316-1c4b-4281-b951-d872f2087c98
* If /tmp is not a POSIX file system, try to use /dev/shm for creating our temporary directory.
  [markus@chromium.org, 2010-02-23, 1 file, -3/+58]
  BUG=30926
  TEST=tested with tmpfs, ext3 and NFS
  Review URL: http://codereview.chromium.org/650177
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39679 0039d316-1c4b-4281-b951-d872f2087c98