
Issue metadata

Status: Fixed
Closed: Jan 2013
OS: Mac
Pri: 1
Type: Bug-Security


Security: Workers don't initialize a sandbox on Mac

Reported by jln@chromium.org, Nov 28 2012

Issue description

It looks as if workers don't have a sandbox on Mac.

Is it just a matter of calling InitializeSandbox from worker_main.cc?

Jeremy: sorry, I didn't find your chromium@ address. FYI, on Linux at least workers are very similar to renderers as far as sandboxing is concerned.
Do you mind assigning this to yourself?

If this is not a bug, but rather a "missing feature", let me know so that I can change the labels accordingly.

Comment 1 by jeremy@chromium.org
Really late locally so I can't look at the code, but yes, that's the idea.

You need to do it as soon as you can after startup because any resources that you have when the sandbox is initialized stay with you (e.g. open a file, file stays open even if it's restricted by the sandbox profile).

P.S. jeremy@chromium.org is me.
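The inheritance rule Jeremy states above (whatever the process holds when the sandbox comes up survives it), as an added example that is not code from this bug or from Chromium: on macOS it applies Seatbelt's built-in `kSBXProfilePureComputation` profile through the deprecated `sandbox_init()`; on other systems `setrlimit(RLIMIT_NOFILE, 0)` is assumed as a stand-in restriction. The path `/dev/null` and the function names are the example's own.

```c
/* Added example, not Chromium code. A descriptor opened BEFORE the sandbox
 * is initialized keeps working AFTER it; the same open() attempted after
 * initialization is refused. macOS: Seatbelt profile kSBXProfilePureComputation
 * via sandbox_init() (deprecated, still present); elsewhere setrlimit(RLIMIT_NOFILE,
 * 0) stands in. The probe runs in a forked child so the limit dies with it. */
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __APPLE__
#include <sandbox.h>
#endif

enum { EARLY_FD_READS = 1, LATE_OPEN_FAILS = 2 };

static int restrict_self(void) {           /* 0 on success */
#ifdef __APPLE__
    char *err = NULL;
    int rc = sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED, &err);
    if (rc != 0) sandbox_free_error(err);
    return rc;
#else
    struct rlimit rl = { 0, 0 };           /* no new descriptors at all */
    return setrlimit(RLIMIT_NOFILE, &rl);
#endif
}

static int child_check(const char *path) { /* runs inside the child */
    int early = open(path, O_RDONLY);      /* held before the sandbox */
    if (early < 0 || restrict_self() != 0) return 0;
    int result = 0;
    char buf[16];
    if (read(early, buf, sizeof buf) >= 0) result |= EARLY_FD_READS;
    int late = open(path, O_RDONLY);       /* attempted after the sandbox */
    if (late < 0) result |= LATE_OPEN_FAILS; else close(late);
    return result;
}

/* Fork, run the probe, return the child's bitmask (-1 on failure). */
int sandbox_inheritance_demo(const char *path) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(child_check(path));
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) { return sandbox_inheritance_demo("/dev/null") == 3 ? 0 : 1; }
```

The same asymmetry is why the fix below moves the sandbox call to the start of the worker process rather than anywhere later in its lifetime.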

Comment 2 by jln@chromium.org, Nov 28 2012

Owner: jeremy@chromium.org
Status: Assigned
Ok, I hope you don't mind if I assign this directly to you.

There is no emergency in fixing this, but please take a look when you can. Depending on how comfortable you are that this is safe, we could also merge it to 24.

Comment 3 by bugdroid1@chromium.org, Dec 17 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=173432

------------------------------------------------------------------------
r173432 | jeremy@chromium.org | 2012-12-17T09:04:27.284444Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/common/sandbox_init_mac.h?r1=173432&r2=173431&pathrev=173432
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/worker/worker_main.cc?r1=173432&r2=173431&pathrev=173432

Sandbox the worker process on Mac

When we transitioned to content it looks like we lost the Mac sandbox for workers, this CL re-enables it.

Also, update the comment in sandbox_init_mac.h

BUG= 163208 
TEST=Chrome should continue to work correctly.

Review URL: https://chromiumcodereview.appspot.com/11590006
------------------------------------------------------------------------

Comment 4 by jeremy@chromium.org, Dec 17 2012

Owner: dharani@chromium.org
Dharani: Can I merge this back to m24 if nothing breaks in the next week?

Labels: -Mstone-25 Mstone-24 Merge-Approved
Merge approved for M24. Please merge it in 1312 branch.

Comment 6 by bugdroid1@chromium.org, Jan 2 2013

Labels: -Merge-Approved merge-merged-1312
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=174806

------------------------------------------------------------------------
r174806 | dharani@google.com | 2013-01-02T17:35:18.515314Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1312/src/content/worker/worker_main.cc?r1=174806&r2=174805&pathrev=174806
   M http://src.chromium.org/viewvc/chrome/branches/1312/src/content/common/sandbox_init_mac.h?r1=174806&r2=174805&pathrev=174806

Merge 173432
> Sandbox the worker process on Mac
> 
> When we transitioned to content it looks like we lost the Mac sandbox for workers, this CL re-enables it.
> 
> Also, update the comment in sandbox_init_mac.h
> 
> BUG= 163208 
> TEST=Chrome should continue to work correctly.
> 
> Review URL: https://chromiumcodereview.appspot.com/11590006

TBR=jeremy@chromium.org
Review URL: https://codereview.chromium.org/11737004
------------------------------------------------------------------------
Status: Fixed
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify Release-1
Labels: -Release-1 Release-0
Labels: CVE-2012-5155

Comment 11 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Type-Security -Area-Internals -Mstone-24 -SecImpacts-Stable -SecSeverity-Medium Security-Impact-Stable Security-Severity-Medium Cr-Internals M-24 Type-Bug-Security

Comment 12 by jln@chromium.org, Mar 14 2013

Cc: dalecur...@chromium.org jeremy@chromium.org
Apparently this was not fixed properly: https://codereview.chromium.org/12829005/

Dale: I linked this bug to your CL for now, but do you mind starting a new one? This will need to be merged back etc.

I opened issue 196335.

Whoops, I left the old BUG= entry when committing. My patch set didn't touch this actually.

Comment 16 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Stable Security_Impact-Stable

Comment 17 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Severity-Medium Security_Severity-Medium
Labels: -Restrict-View-SecurityNotify
Bulk release of old security bug reports.


Comment 19 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 20 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Labels: CVE_description-submitted

Comment 23 by sheriffbot@chromium.org, Jul 29

Labels: -Pri-2 Pri-1