From f6c52338609c76cf8b7b68fafd27834e48d10f90 Mon Sep 17 00:00:00 2001
From: "mseaborn@chromium.org"
Date: Fri, 9 May 2014 13:53:08 +0000
Subject: Non-SFI NaCl: Avoid exposing validation caching key to Non-SFI nexes

This per-profile key is an extra input into the hashing that NaCl's validation cache does. Hiding this key means that even if we did accidentally expose SetKnownToValidate() to Non-SFI nexes, the nexe wouldn't be able to create a hole in the SFI NaCl sandbox. We should hide this key to reduce the attacker's ability to generate collisions in hash-based caching. Also hide some other startup parameters that aren't relevant to Non-SFI mode.

BUG=367263
TEST=browser_tests
R=jln@chromium.org

Review URL: https://codereview.chromium.org/275513002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@269270 0039d316-1c4b-4281-b951-d872f2087c98
---
 components/nacl/loader/nacl_listener.cc | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'components/nacl/loader')
diff --git a/components/nacl/loader/nacl_listener.cc b/components/nacl/loader/nacl_listener.cc
index f49e3f3..e7b8f4c 100644
--- a/components/nacl/loader/nacl_listener.cc
+++ b/components/nacl/loader/nacl_listener.cc
@@ -375,10 +375,16 @@ void NaClListener::OnStart(const nacl::NaClStartParams& params) {
 #if defined(OS_LINUX)
   if (uses_nonsfi_mode_) {
-    if (params.uses_irt) {
-      LOG(ERROR) << "IRT must not be used for non-SFI NaCl.";
-      return;
-    }
+    // Ensure that the validation cache key (used as an extra input to the
+    // validation cache's hashing) isn't exposed accidentally.
+    CHECK(!params.validation_cache_enabled);
+    CHECK(params.validation_cache_key.size() == 0);
+    CHECK(params.version.size() == 0);
+    // Ensure that a debug stub FD isn't passed through accidentally.
+    CHECK(!params.enable_debug_stub);
+    CHECK(params.debug_stub_server_bound_socket.fd == -1);
+
+    CHECK(!params.uses_irt);
     CHECK(handles.size() == 1);
     int imc_bootstrap_handle = nacl::ToNativeHandle(handles[0]);
     nacl::nonsfi::MainStart(imc_bootstrap_handle);
-- 
cgit v1.1
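Review bot: `CHECK(params.validation_cache_key.size() == 0)` and `CHECK(params.version.size() == 0)` spell an emptiness test as a size comparison; `CHECK(params.validation_cache_key.empty())` and `CHECK(params.version.empty())` state what is actually being asserted and match the idiom used for the boolean fields around them. Replacing the old `LOG(ERROR)` plus `return` on `uses_irt` with `CHECK`s is the right direction for a sandbox boundary: an unexpected start parameter now terminates the loader rather than leaving it running after a partial start, which is the fail-closed outcome wanted here. Note that these checks only verify that the sending side withheld the values; the fields presumably remain part of NaClStartParams and reach this point through IPC, so the guarantee rests on the browser-side code that builds the params (not visible in this hunk), and a comment saying so above the first `CHECK` would save the next reader from assuming the key can no longer be sent at all. OnStart begins before this hunk and the `if (uses_nonsfi_mode_)` block continues past it.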