
Issue 702355


Issue metadata

Status: Verified
Owner:
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug




Add mremap call to seccomp filters

Project Member Reported by rsorokin@chromium.org, Mar 16 2017

Issue description

.
 
Components: Enterprise
Status: Started (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Mar 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/355a2ca506a873017d05a367a0d755d8d3a1bcc2

commit 355a2ca506a873017d05a367a0d755d8d3a1bcc2
Author: Lutz Justen <ljusten@chromium.org>
Date: Sat Mar 25 02:38:20 2017

authpolicy: Whitelist mremap and secure mmap

mremap should be safe, basically a realloc. Some logging operation
used it and it broke in a test.

Also prevents mmap from specifying (PROT_WRITE|PROT_EXEC) for
security reasons.

BUG= chromium:702355 
TEST=Ran tests

Change-Id: Ic8d8a408d36d0e475a8f9f18c4ede46331bcb456
Reviewed-on: https://chromium-review.googlesource.com/456744
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/355a2ca506a873017d05a367a0d755d8d3a1bcc2/authpolicy/seccomp_filters/authpolicy_parser-seccomp.policy
[modify] https://crrev.com/355a2ca506a873017d05a367a0d755d8d3a1bcc2/authpolicy/seccomp_filters/kinit-seccomp.policy
[modify] https://crrev.com/355a2ca506a873017d05a367a0d755d8d3a1bcc2/authpolicy/seccomp_filters/net_ads-seccomp.policy
[modify] https://crrev.com/355a2ca506a873017d05a367a0d755d8d3a1bcc2/authpolicy/seccomp_filters/smbclient-seccomp.policy

Status: Fixed (was: Started)
Project Member

Comment 5 by bugdroid1@chromium.org, Mar 28 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bb1c1858937d92d9d7f995a533925f9d764cca07

commit bb1c1858937d92d9d7f995a533925f9d764cca07
Author: Lutz Justen <ljusten@chromium.org>
Date: Tue Mar 28 10:47:46 2017

authpolicy: Disallow PROT_WRITE|PROT_EXEC in mprotect

Allowing a memory location to be both writable and executable is like
inviting a burglar to install the door locking device. You open
yourself up to evil code adding more evil code in memory.

BUG= chromium:702355 
TEST=Ran tests and tested on device

Change-Id: Id6e29ef090fcccc0695bf7b6690d01823d17c3d7
Reviewed-on: https://chromium-review.googlesource.com/459797
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/bb1c1858937d92d9d7f995a533925f9d764cca07/authpolicy/seccomp_filters/authpolicy_parser-seccomp.policy
[modify] https://crrev.com/bb1c1858937d92d9d7f995a533925f9d764cca07/authpolicy/seccomp_filters/kinit-seccomp.policy
[modify] https://crrev.com/bb1c1858937d92d9d7f995a533925f9d764cca07/authpolicy/seccomp_filters/net_ads-seccomp.policy
[modify] https://crrev.com/bb1c1858937d92d9d7f995a533925f9d764cca07/authpolicy/seccomp_filters/smbclient-seccomp.policy
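
An added example, not code from the commits above or from the Chromium OS tree: a small offline evaluator for a seccomp policy written in minijail's `syscall: expression` syntax, showing which `prot` values (argument 2 of `mmap` and `mprotect`) pass the restriction the two commits describe. The three policy lines are an assumption about how such a rule can be written, and `parse_policy`, `atom_ok` and `allowed` are hypothetical helper names; only the `in`, `==` and `!=` operators are handled.

```python
import re

# Linux <sys/mman.h> protection bits; the only named constants this sketch knows.
CONSTS = {"PROT_READ": 0x1, "PROT_WRITE": 0x2, "PROT_EXEC": 0x4}
U64 = (1 << 64) - 1
ATOM = re.compile(r"arg(\d)\s*(in|==|!=)\s*(~?)(\w+)$")

# Assumed policy text, not copied from the authpolicy .policy files.
ASSUMED_POLICY = """
mremap: 1
mmap: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
mprotect: arg2 in ~PROT_EXEC || arg2 in ~PROT_WRITE
"""

def parse_policy(text):
    """Map syscall name -> rule expression, skipping blanks and # comments."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, expr = line.split(":", 1)
            rules[name.strip()] = expr.strip()
    return rules

def atom_ok(atom, args):
    """Evaluate one 'argN op CONST' comparison on 64-bit argument values."""
    m = ATOM.match(atom.strip())
    if m is None:
        raise ValueError(f"unsupported atom: {atom!r}")
    index, op, invert, name = m.groups()
    value = CONSTS[name] if name in CONSTS else int(name, 0)
    if invert:
        value = ~value & U64
    arg = args[int(index)] & U64
    if op == "in":  # every bit set in the argument must also be set in the mask
        return (arg & ~value & U64) == 0
    return (arg == value) if op == "==" else (arg != value)

def allowed(rules, syscall, args):
    """True if the call passes: '||' joins alternatives, '&&' joins atoms."""
    expr = rules.get(syscall)
    if expr is None:
        return False  # unlisted syscall: the filter's default action applies
    if expr == "1":
        return True
    return any(all(atom_ok(a, args) for a in alt.split("&&"))
               for alt in expr.split("||"))

RULES = parse_policy(ASSUMED_POLICY)
```

A mapping may be writable or executable under this rule, but a request carrying both bits fails both alternatives and is rejected.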

Comment 6 by dchan@google.com, May 30 2017

Labels: VerifyIn-60
Status: Verified (was: Fixed)
bulk Verify of older or not-user-facing Chromad bugs
