
Issue 48607

Starred by 13 users

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2011
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Feature

Blocked on:
issue 65344

Restricted
  • Only users with EditIssue permission may comment.




Sandbox GPU process

Project Member Reported by hbridge@google.com, Jul 8 2010

Issue description

We need to work on locking down the GPU process as much as possible.  Assigning to cpu for now.
 

Comment 1 by hbridge@google.com, Jul 8 2010

Labels: Mstone-7

Comment 2 by cpu@chromium.org, Jul 9 2010

I hear nicolas wants to do it. 
Al, let me know if you need my help

Comment 4 by hbridge@google.com, Sep 21 2010

Labels: -Mstone-7 Mstone-8
moving to M8

Comment 5 by kerz@chromium.org, Sep 29 2010

Labels: Area-Internals
Labels: Mstone-9
Changing milestone from Mstone8 to Mstone-9
Labels: -mstone-9 Mstone-10
Given our current velocity, we need to punt 500 bugs from m9.  Moving p2 bugs, that are not started and have an owner, to the next milestone.  If this issue absolutely needs to be fixed in the current milestone please move it back, however, at this time the focus should be on p1 bugs.

Comment 8 by jsc...@chromium.org, Nov 30 2010

Labels: Security

Comment 9 by jsc...@chromium.org, Nov 30 2010


Comment 11 by bugdroid1@chromium.org, Dec 2 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=67939

------------------------------------------------------------------------
r67939 | thakis@chromium.org | Wed Dec 01 17:48:37 PST 2010

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_mac_unittest_helper.mm?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/renderer/renderer_main.cc?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/child_process.cc?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/chrome_browser.gypi?r1=67939&r2=67938&pathrev=67939
 A http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/gpu.sb?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_init_wrapper.h?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_mac.mm?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.cc?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/gpu_process_host.cc?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_mac.h?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.h?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_init_wrapper_mac.cc?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/app/chrome_main.cc?r1=67939&r2=67938&pathrev=67939
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/gpu/gpu_main.cc?r1=67939&r2=67938&pathrev=67939

Mac: Scaffolding for sandboxing GPU process.

The sandbox config allows everything for now; I will put in restrictions in a follow-up CL (which should be small).

This CL should have no visible effect (other than changing a few LOG(WARNING) to LOG(ERROR)).

BUG= 48607 
TEST=GPU process still works

Review URL: http://codereview.chromium.org/5491001
------------------------------------------------------------------------
Blockedon: 65344

Comment 13 by bugdroid1@chromium.org, Dec 5 2010

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=68321

------------------------------------------------------------------------
r68321 | thakis@chromium.org | Sun Dec 05 11:40:53 PST 2010

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_mac_unittest_helper.mm?r1=68321&r2=68320&pathrev=68321
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/gpu.sb?r1=68321&r2=68320&pathrev=68321
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_mac.mm?r1=68321&r2=68320&pathrev=68321
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/chrome_switches.cc?r1=68321&r2=68320&pathrev=68321
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_mac.h?r1=68321&r2=68320&pathrev=68321
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_init_wrapper_mac.cc?r1=68321&r2=68320&pathrev=68321

Mac: Tell the GPU sandbox to deny a few things.

It's now no longer allowed to do network requests and can't access most files.

Here are the stacks that it prints if I patch in http://codereview.chromium.org/1765005/show: http://codepad.org/6zrJfnlB

BUG= 48607 
TEST=GPU stuff still works. When you run with --enable-sandbox-logging, quite a bunch of stuff is logged as "denied".

Review URL: http://codereview.chromium.org/5580002
------------------------------------------------------------------------

Comment 14 by kerz@chromium.org, Dec 9 2010

Labels: -Mstone-10 MovedFrom-10 Mstone-11
P2 bugs with an owner that are not marked as started are being automatically moved to mstone:11.
Labels: -MovedFrom-10 -Mstone-11 Mstone-10
Pushing back to m10 because this is a hard requirement for the m10 release.

Comment 16 by hbridge@google.com, Dec 11 2010

Labels: -Pri-2 -Feature-GPU-Process Pri-1 Feature-GPU-Internals

Comment 17 by hbridge@google.com, Jan 26 2011

Labels: -Mstone-10 Mstone-11
Discussed with jschuch and crogers, can't make m10 given scope of changes, moving back to 11.
Status: Started

Comment 20 by bugdroid1@chromium.org, Mar 3 2011

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=76675

------------------------------------------------------------------------
r76675 | cpu@chromium.org | Wed Mar 02 16:31:33 PST 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/sandbox_policy.cc?r1=76675&r2=76674&pathrev=76675
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/gpu/DEPS?r1=76675&r2=76674&pathrev=76675
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/gpu/gpu_thread.h?r1=76675&r2=76674&pathrev=76675
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/gpu/gpu_thread.cc?r1=76675&r2=76674&pathrev=76675
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/gpu/gpu_main.cc?r1=76675&r2=76674&pathrev=76675

Sandbox the GPU process for Windows

The policy is fairly restrictive token-wise but still the process
needs access to the interactive desktop.

Tweaks to the Job level in a different CL once it has baked in the dev channel.

BUG= 48607 
TEST=see bug.



Review URL: http://codereview.chromium.org/6594100
------------------------------------------------------------------------
Status: Fixed
The GPU process is now sandboxed. As cpu noted, it still runs on the interactive desktop. I am investigating ways to get it off the interactive desktop. Also, tweaks to the job level and some cleanup remain.
@apatrick - We still need to eventually move the Windows GPU process to its own desktop, and Linux doesn't have a GPU sandbox yet. Would you prefer I reopen this, or file separate bugs for those issues?
Getting the GPU process off the interactive desktop and sandboxing on Linux should be separate bugs I think. Also, we should be able to remove access to /tmp from the GPU process on Mac now since the GPU process no longer creates shared memory.
Labels: Review-Security

Comment 25 by bugdroid1@chromium.org, Oct 13 2012

Blockedon: -chromium:65344 chromium:65344
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.

Comment 26 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Feature-GPU-Internals -Area-Internals -Mstone-11 Cr-Internals-GPU-Internals Cr-Internals M-11

Comment 27 by bugdroid1@chromium.org, Mar 13 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
