summaryrefslogtreecommitdiffstats
path: root/sandbox
Commit message (Collapse)AuthorAgeFilesLines
* Linux: fix seccomp sandbox for GCC 4.4agl@chromium.org2009-08-131-2/+4
| | | | | | | http://codereview.chromium.org/164484 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23318 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: fix security issue.agl@chromium.org2009-08-121-2/+6
| | | | | | | | | | | | | | | | | | | | | (Reported by Julien Tinnes) Because the chroot helper process and the zygote share a FILES structure, the latter can race the former and change the value of cwd before it does chroot("."). Because of this, the zygote could chroot into a directory of its choosing. Once there, it could setup hardlinks to SUID binaries and possibly make them misbehave if they weren't sufficiently paranoid. This possibility should have been migigated by the removal of dangerous environment variables. However, we had to reinstate them in order to pass LD_LIBRARY_PATH because some setups don't have ld.so setup to use /usr/lib32 and also for ffmpeg. http://codereview.chromium.org/164427 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23228 0039d316-1c4b-4281-b951-d872f2087c98
* Fix seccomp sandbox for gcc44markus@chromium.org2009-08-122-2/+2
| | | | | | | | | | | | Constness of return values and paramaters were causing compiler errors. BUG=19120 ISSUE=164373 Review URL: http://codereview.chromium.org/164414 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23202 0039d316-1c4b-4281-b951-d872f2087c98
* Initial version of the Seccomp sandbox. Imported from ↵markus@chromium.org2009-08-1137-1/+11410
| | | | | | | | | | | http://code.google.com/p/seccompsandbox/ Make the seccomp sandbox dependant on the --enable-seccomp-sandbox flag Review URL: http://codereview.chromium.org/165310 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23087 0039d316-1c4b-4281-b951-d872f2087c98
* Declare exe_name and cmd_line as const pointers and usewtc@chromium.org2009-07-231-7/+9
| | | | | | | | | | | | | | | const_cast only where necessary. Fix a FORWARD_NULL defect reported by Coverity. Pass cmd_line to sandbox::WideToMultiByte only if cmd_line is not NULL. R=rvargas BUG=http://crbug.com/17101 TEST=none Review URL: http://codereview.chromium.org/155969 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@21406 0039d316-1c4b-4281-b951-d872f2087c98
* Fix a FORWARD_NULL defect in ExtractModuleName reported by Coverity.wtc@chromium.org2009-07-232-6/+5
| | | | | | | | | | | | | | | | If 'sep' is still NULL after the for loop, ix must be -1, so ix == 0 cannot be true. Update the comment for ExtractModuleName in the header to match the implementation. I don't see any code that checks whether the path is a full path. R=rvargas BUG=http://crbug.com/17101 TEST=none Review URL: http://codereview.chromium.org/155979 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@21404 0039d316-1c4b-4281-b951-d872f2087c98
* Fix FORWARD_NULL defects reported by Coverity. We shouldwtc@chromium.org2009-07-222-3/+3
| | | | | | | | | | | also return an error if argv is NULL. R=rvargas BUG=http://crbug.com/17101 TEST=none Review URL: http://codereview.chromium.org/155904 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@21292 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: save full list of SUID unsafe environment variables.agl@chromium.org2009-07-173-7/+81
| | | | | | | | | | | | | r20733 added code to save LD_LIBRARY_PATH when using the SUID sandbox. That fixed a P0, show-stopper bug, however, LD_LIBRARY_PATH isn't the only variable which is stomped when using SUID binaries. This patch extends support to all variables that we so affected. BUG=16815 http://codereview.chromium.org/159025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@21009 0039d316-1c4b-4281-b951-d872f2087c98
* Linux sandbox: comment typo fix.agl@chromium.org2009-07-171-1/+1
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20961 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: move hardcoded paths to GYP variables.agl@chromium.org2009-07-152-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes the hardcoded paths for the sandbox binary location and the chrome binary location for the sandbox. Instead, you can now set GYP variables for these things. Indeed, you have to set a GYP variable in order to use the sandbox now. GYP variables can be set on the command line, if you run gyp.py directly, with -D key=value. Or you can export GYP_DEFINES="key=value key2=value2". Now, in order to use the sandbox you should set: linux_sandbox_path=/opt/google/chrome/chrome-sandbox linux_sandbox_chrome_path=/opt/google/chrome/chrome (changing the paths as needed, of course). See the comments in build/common.gypi For development see http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment Because developers need to setup a special sandbox binary. http://codereview.chromium.org/149689 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20801 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: add comment to the sandbox binary as suggested by Markus.agl@chromium.org2009-07-151-1/+3
| | | | | | | (Because, otherwise, that chunk of code looks pretty scary.) git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20746 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: propagate LD_LIBRARY_PATH through the SUID sandbox.agl@chromium.org2009-07-151-0/+15
| | | | | | | | | | | | With the SUID sandbox, certain environment variables (esp LD_LIBRARY_PATH) are cleared for security reasons. This means that the child zygote process isn't run with the correct environment and can fail to start. BUG=16815 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20733 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: Fix sandbox defineagl@chromium.org2009-07-151-1/+1
| | | | | | | | | | build/common.gypi used CHROME_DEVEL_SANDBOX, while sandbox.cc was looking for DEVELOPMENT_SANDBOX (Patch by Joel Stanley) git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20718 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: various sandbox changesagl@chromium.org2009-07-151-0/+6
| | | | | | | | | | | | | * In development mode, don't let the sandbox run SUID or SGID binaries * Only obay CHROME_DEVEL_SANDBOX if the binary UID matches the read UID. * Change the default sandbox path to save those who do nothing. R=markus git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20710 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: fix for developing on a machine with google-chrome packages installed.agl@chromium.org2009-07-152-0/+47
| | | | | | | | | | | | | | | | | | | | | | | The latest google-chrome packages contain a sandbox binary, which the development builds of chromium will pick up on automatically. However, for safety reasons, the sandbox binary will only exec a fixed chrome binary location. Since development builds will be somewhere else in the filesystem, this means that they will fail to start their zygote processes and generally be very sad. However, we /do/ want people developing with the sandbox, but we don't want the general sandbox binary to be able to exec anything. We could have chromium try and find its sandbox binary relative to the build directory, but some people build on NFS and, since the sandbox binary needs to be SUID, this won't work for them. Instead, we add a new target: chrome_devel_sandbox which developers can use. This builds a sandbox binary that will exec anything which is owned by the running user. This alternative sandbox binary can be selected by exporting CHROME_DEVEL_SANDBOX. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20709 0039d316-1c4b-4281-b951-d872f2087c98
* Remove svn:executable property from some more files that don't need it.thestig@chromium.org2009-07-101-0/+0
| | | | | | | TBR=evmar Review URL: http://codereview.chromium.org/149471 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20406 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: don't bother passing the chroot directory fd to the zygote.agl@chromium.org2009-07-101-19/+3
| | | | | | | | | | | | | Markus pointed out that the cwd was already shared between the chroot helper process and the zygote, therefore we could avoid some complexity in passing the file descriptor so, also, we could then make the directory mode 0000. http://codereview.chromium.org/155366 BUG=16363 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20398 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: use a temp directory for the chroot.agl@chromium.org2009-07-101-6/+41
| | | | | | | | | | | | | | | Ubuntu systems (at least) wipe /var/run at boot time, which is deleting our sandbox directory. Instead, we have the SUID helper create a temp directory in /tmp, unlink it and use that for the chroot directory. A file descriptor is passed to the zygote process for it to fchdir into. (Thanks to fta for discussions on this.) BUG=16363 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20388 0039d316-1c4b-4281-b951-d872f2087c98
* Build fix: scons doesn't support hyphens in target names.agl@chromium.org2009-07-081-1/+1
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20111 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: SUID sandbox supportagl@chromium.org2009-07-082-0/+235
| | | | | | | | | | | | | | | | | | | | | * Make processes dumpable when they crash. * Find crashing processes by searching for a socket inode, rather than relying on SCM_CREDENTIALS. The kernel doesn't translate PIDs between PID namespaces with SCM_CREDENTIALS, so we can't use the PID there. * Use a command line flag to the renderer to enable crash dumping. Previously it tried to access the user's home directory for this information. * Search for a sandbox helper binary and, if found, use it. * Include the source for a sandbox helper binary. It's currently not built by default. http://codereview.chromium.org/149230 R=evan,markus BUG=8081 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20110 0039d316-1c4b-4281-b951-d872f2087c98
* Fix: Off-by-one error in LowLevelPolicy::Done.yuzo@chromium.org2009-07-031-1/+1
| | | | | | | | | BUG=none TEST=n/a Review URL: http://codereview.chromium.org/150211 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19875 0039d316-1c4b-4281-b951-d872f2087c98
* -Fix a wrong commentcpu@google.com2009-07-012-1/+4
| | | | | | | | | | | | | -Put a comment to clarify a behavior See coverity CID 1703 BUG=none TEST=none Review URL: http://codereview.chromium.org/150128 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19700 0039d316-1c4b-4281-b951-d872f2087c98
* Fix potential memleak in GetArgs.finnur@chromium.org2009-06-301-6/+6
| | | | | | | | | BUG=None TEST=None Review URL: http://codereview.chromium.org/151045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19613 0039d316-1c4b-4281-b951-d872f2087c98
* Implements a Zip() utility function. Refactor existingaa@chromium.org2009-06-011-0/+0
| | | | | | | | Unzip-relatedness into shared locations. Review URL: http://codereview.chromium.org/118028 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17305 0039d316-1c4b-4281-b951-d872f2087c98
* Explicitly enable /INCREMENTAL linking for gyp-generated Debug builds.sgk@google.com2009-05-221-0/+5
| | | | | | | | | | | | | | | | | | | | | | Explicitly disable it (/INCREMENTAL:NO) for Release, and for the following targets that require it: chrome.dll interactive_ui_tests.exe perf_tests.exe unit_tests.exe Explicitly specificy /SUBSYSTEM:CONSOLE as default for linking, and match current practice by overriding with /SUBSYSTEM:WINDOWS for: chrome.exe chrome.dll media_player.exe sandbox_poc.exe TEST=none BUG=none Review URL: http://codereview.chromium.org/115664 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16698 0039d316-1c4b-4281-b951-d872f2087c98
* ZwOpenKeyEx is now documented at ↵nsylvain@chromium.org2009-05-213-8/+8
| | | | | | | | | | | | | | | | http://msdn.microsoft.com/en-us/library/dd535803.aspx The last unknown parameter is OpenOptions. We do not support it at this point, since it involves links, which wont be trivial to secure, and giving "special" privileges. Updating the code accordingly. BUG:7611 TEST:No code change Review URL: http://codereview.chromium.org/115640 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16633 0039d316-1c4b-4281-b951-d872f2087c98
* Add more checks to be able to isolate why chrome cannotnsylvain@chromium.org2009-05-211-1/+22
| | | | | | | | | | | do a GetProcAddress of NtCreateFile. TEST:Nothing to test BUG:11789 Review URL: http://codereview.chromium.org/113659 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16599 0039d316-1c4b-4281-b951-d872f2087c98
* Add support for alternate window station.nsylvain@chromium.org2009-05-2015-40/+427
| | | | | | | | | | TEST: Start chrome, make sure it loads pages, then user process explorer to make sure the WindowStation handle name is not the same as the browser process. BUG:10996 Review URL: http://codereview.chromium.org/113190 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16483 0039d316-1c4b-4281-b951-d872f2087c98
* Fix a crash in the unittests caused by the fact that the order ofnsylvain@chromium.org2009-05-181-0/+12
| | | | | | | | | | | | | compilation of the files has changed. Some tests were assuming that g_nt was already defined. 2/3 of the tests were calling SetupNtdllImports(), so I made the rest call that too. Review URL: http://codereview.chromium.org/113548 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16309 0039d316-1c4b-4281-b951-d872f2087c98
* Basic underpinnings of the gyp equivalent of the Linux SHARED=1 build:sgk@google.com2009-04-081-1/+1
| | | | | | | | | parameterize the 'type' setting of the various library targets, with a default of 'static_library'. (Hat tip to Craig Schlenter.) Review URL: http://codereview.chromium.org/62127 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13345 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the checked-in scons configuration files.sgk@google.com2009-04-0110-532/+0
| | | | | | Review URL: http://codereview.chromium.org/53121 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12982 0039d316-1c4b-4281-b951-d872f2087c98
* Fix URL for sandboxing design doc.evan@chromium.org2009-03-276-8/+9
| | | | | | Review URL: http://codereview.chromium.org/55043 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12715 0039d316-1c4b-4281-b951-d872f2087c98
* sbox_unit_tests -> sbox_unittestsbradnelson@google.com2009-03-251-1/+1
| | | | | | Review URL: http://codereview.chromium.org/45052 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12464 0039d316-1c4b-4281-b951-d872f2087c98
* Sync sandbox WriteInto with updated version from basemark@chromium.org2009-03-252-17/+13
| | | | | | Review URL: http://codereview.chromium.org/45049 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12456 0039d316-1c4b-4281-b951-d872f2087c98
* Switching sandbox to gyp on windows.bradnelson@google.com2009-03-232-0/+9
| | | | | | | | | Rolling forward deps on gyp to get 'copies' support. This time handled wow_helper. Review URL: http://codereview.chromium.org/42355 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12270 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 11946 since it is causing a build breakage on full rebuild. The maruel@chromium.org2009-03-181-0/+127
| | | | | | | | | | sandbox project wasn't copying wow_helper.exe anymore, causing a build breakage on x64 platforms only. TBR=bnelson Review URL: http://codereview.chromium.org/42328 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11955 0039d316-1c4b-4281-b951-d872f2087c98
* Moving sbox to gyp on windows.bradnelson@google.com2009-03-181-127/+0
| | | | | | | | | (Also fixing missing property on sdch.) Review URL: http://codereview.chromium.org/42317 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11946 0039d316-1c4b-4281-b951-d872f2087c98
* Fix incorrect include guards in sandbox/. Guards now match their filename.deanm@chromium.org2009-03-175-11/+11
| | | | | | | Review URL: http://codereview.chromium.org/48073 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11868 0039d316-1c4b-4281-b951-d872f2087c98
* Removed unneeded includes of base/scoped_ptr.h. Reduce usage from ~800 files ↵thestig@chromium.org2009-03-135-4/+1
| | | | | | | | to ~400. Review URL: http://codereview.chromium.org/46039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11651 0039d316-1c4b-4281-b951-d872f2087c98
* Remove logging.h from cc files that don't use it.thestig@chromium.org2009-03-128-8/+0
| | | | | | Review URL: http://codereview.chromium.org/42155 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11593 0039d316-1c4b-4281-b951-d872f2087c98
* Remove unneeded uses of logging.h in header files.thestig@chromium.org2009-03-122-1/+1
| | | | | | Review URL: http://codereview.chromium.org/43148 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11590 0039d316-1c4b-4281-b951-d872f2087c98
* Pointing slns at generated vcprojs from base.bradnelson@google.com2009-03-121-39/+36
| | | | | | Review URL: http://codereview.chromium.org/42047 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11520 0039d316-1c4b-4281-b951-d872f2087c98
* NO CODE CHANGEdeanm@chromium.org2009-03-11173-180/+0
| | | | | | | | | Normalize end of file newlines in sandbox/. All files end in a single newline. Review URL: http://codereview.chromium.org/43080 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11447 0039d316-1c4b-4281-b951-d872f2087c98
* Adding fixed guids to some modules to facilitate incremental switch to gyp.bradnelson@google.com2009-03-101-0/+1
| | | | | | Review URL: http://codereview.chromium.org/42044 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11388 0039d316-1c4b-4281-b951-d872f2087c98
* Slight code change to make some global variables const.maruel@google.com2009-03-104-11/+13
| | | | | | | Fix >80 cols lines. Review URL: http://codereview.chromium.org/42013 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11342 0039d316-1c4b-4281-b951-d872f2087c98
* Snapshotting progress.bradnelson@google.com2009-03-091-0/+316
| | | | | | | | | Got app and unit_tests linking with gyp under windows. Still missing pieces (things don't run). Review URL: http://codereview.chromium.org/39319 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11302 0039d316-1c4b-4281-b951-d872f2087c98
* Fixes CRLF and trailing white spaces.maruel@chromium.org2009-03-055-5/+5
| | | | git-svn-id: svn://svn.chromium.org/chrome/trunk/src@10982 0039d316-1c4b-4281-b951-d872f2087c98
* In windows 7 there is a new Reg call that we need tonsylvain@chromium.org2009-02-134-8/+48
| | | | | | | | | | | | | | | | | hook. NtOpenKeyEx. I don't know what the last parameter is. I suspect it's a reserved flag for "options". (As in RegOpenKeyEx). I do not handle the case where this unknown flag is non-zero. The current unit tests covers this code. bug:7611 Review URL: http://codereview.chromium.org/20287 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9762 0039d316-1c4b-4281-b951-d872f2087c98
* Sandbox: Add support for Windows 7 - 64 bit.rvargas@google.com2009-02-032-15/+43
| | | | | | | | | | BUG=4324 TEST=IntegrationTestsTest.* Review URL: http://codereview.chromium.org/20026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9104 0039d316-1c4b-4281-b951-d872f2087c98
* revert r9096. rvargas@google.com2009-02-032-41/+15
| | | | | | | TBD nsylvain git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9097 0039d316-1c4b-4281-b951-d872f2087c98
generated by cgit v1.1 at 2025-01-18 19:36:35 +0000