New issue
Advanced search Search tips

Issue 730152 link

Starred by 1 user
Status: Duplicate
Merged: issue 730623
Owner:
jorgelo@chromium.org
Closed: Jun 2017
Cc:
vapier@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

Use no-new-privs everywhere

Project Member Reported by jorgelo@chromium.org, Jun 6 2017 
no-new-privs is a good way to enforce process trees cannot elevate privilege. We have a way of verifying this in /proc/<pid>/status, so start using it more.
Project Member

Comment 1 by bugdroid1@chromium.org, Jun 8 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/03c4e8bbed52cdd732052a429295a8c850db52f3

commit 03c4e8bbed52cdd732052a429295a8c850db52f3
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Thu Jun 08 06:45:51 2017

Add check for NoNewPrivs to security_SandboxedServices.

BUG= chromium:730152 
TEST=Passes on kevin.

Change-Id: I0f4bcdc9d64aa69d0f56437602578458e2d14b92
Reviewed-on: https://chromium-review.googlesource.com/526492
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/03c4e8bbed52cdd732052a429295a8c850db52f3/client/site_tests/security_SandboxedServices/baseline.lakitu
[modify] https://crrev.com/03c4e8bbed52cdd732052a429295a8c850db52f3/client/site_tests/security_SandboxedServices/baseline
[modify] https://crrev.com/03c4e8bbed52cdd732052a429295a8c850db52f3/client/site_tests/security_SandboxedServices/baseline.lakitu-gpu
[modify] https://crrev.com/03c4e8bbed52cdd732052a429295a8c850db52f3/client/site_tests/security_SandboxedServices/security_SandboxedServices.py
[modify] https://crrev.com/03c4e8bbed52cdd732052a429295a8c850db52f3/client/site_tests/security_SandboxedServices/baseline.whirlwind
[modify] https://crrev.com/03c4e8bbed52cdd732052a429295a8c850db52f3/client/site_tests/security_SandboxedServices/baseline.veyron_rialto
[modify] https://crrev.com/03c4e8bbed52cdd732052a429295a8c850db52f3/client/site_tests/security_SandboxedServices/baseline.moblab

Comment 2 by jorgelo@chromium.org, Jun 8 2017

Mergedinto: 730623
Status: Duplicate (was: Available)
For some reason I filed two bugs for NNP.

Sign in to add a comment