chromium/src
0
Fork 0
Code Activity
Files
7cfc830947279ad53143dabbb45cdbb4598c37a1
src/sandbox
History
Devon Loehr 8a1b40c608 Provide constant alternative for PTHREAD_STACK_MIN 
Variable-length arrays are not part of the C++ standard, and are
dangerous to use because they allocate a potentially-unbounded
amount of data on the stack. In addition, they trigger a clang warning
(-Wvla-extension) which is currently suppressed in Chromium builds.

This patch prevents the use of VLAs in launch_posix.cc and
credentials.cc by hardcoding a compile-time constant value for
use when PTHREAD_STACK_MIN when is not constant already. This allows
the sandbox code to remain async-signal-safe by allocating on the
stack without using VLAs.

To ensure the hardcoded value is large enough, we run a CHECK during
initialization. We use the initializer of an otherwise-unused global
variable to do so.

Bug: 349656479
Change-Id: I5f5661464e77bac36456d0b72530a0fba60a55bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5783847
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Devon Loehr <dloehr@google.com>
Reviewed-by: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/main@{#1352736}
2024-09-09 14:52:41 +00:00
..
linux
Provide constant alternative for PTHREAD_STACK_MIN
2024-09-09 14:52:41 +00:00
mac
Update SeatbeltTest to avoid unsafe buffer operations
2024-09-04 18:10:23 +00:00
policy
[Video Effects] Add kVideoEffects sandbox policy.
2024-09-06 05:43:53 +00:00
win
Revert "Parallel process launching"
2024-09-04 16:43:22 +00:00
BUILD.gn
COMMON_METADATA
constants.h
DEPS
DIR_METADATA
features.cc
features.gni
features.h
OWNERS
README.md
Fix missing link in sandbox docs
2024-07-01 20:54:38 +00:00
sandbox_export.h

README.md

Sandbox Library

This directory contains platform-specific sandboxing libraries. Sandboxing is a technique that can improve the security of an application by separating untrustworthy code (or code that handles untrustworthy data) and restricting its privileges and capabilities.

Each platform relies on the operating system's process primitive to isolate code into distinct security principals, and platform-specific technologies are used to implement the privilege reduction. At a high-level:

  • mac/ uses the Seatbelt sandbox. See the detailed design for more.
  • linux/ uses namespaces and Seccomp-BPF. See the detailed design for more.
  • win/ uses a combination of restricted tokens, distinct job objects, alternate desktops, and integrity levels. See the detailed design for more.

Built on top of the low-level sandboxing library is the //sandbox/policy component, which provides concrete policies and helper utilities for sandboxing specific Chromium processes and services. The core sandbox library cannot depend on the policy component.