https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/1070977

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/2bc778addba9057817fa8c7ebd79848f5cd8388a

commit 2bc778addba9057817fa8c7ebd79848f5cd8388a
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed May 30 00:15:21 2018

security_ASLR: Stop using ps' -C flag in favor of pidof invocation

ps grabs the command name from /proc/${pid}/{comm,stat,status}, backed
by the task struct's comm buffer maintained in the kernel. This buffer
has been limited to 16 characters for a long time, but has been
enlarged recently.

Newer procps versions have followed suit and enlarged their buffers,
however in a backwards-incompatible way: If a new procps is running
against an old kernel, it'll receive only 16 bytes worth of comm.
Commands that overflow the comm buffer thus no longer match the larger
strings user space may compare against, e.g. somewhatlongercmd would
be returned by an old kernel as "somewhatlongercm", but ps -C
somewhatlongercmd wouldn't see it since comparison differs at the
final 'd' character, which the larger userspace buffer will now
detect.

Furthermore, note that the -C flag to ps has always been fragile since
ps would consider every process with a matching comm buffer a match,
but this only takes into account the 16 (now 64) character prefix of
the actual command (i.e. ps -C "somewhatlongercmd123" would have
matched "somewhatlongercmd" processes as well).

Given all this, switch the code to avoid ps' -C flag in favor of a
separate pidof invocation. pidof will consult /proc/${pid}/cmdline
instead, which hopefully will provide more robust results.

BUG= chromium:846262 
TEST=Builds and passes tests.

Change-Id: I5c361b5659b1f2128138af6f6aa9d5fb2bb7a9d6
Reviewed-on: https://chromium-review.googlesource.com/1075187
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/2bc778addba9057817fa8c7ebd79848f5cd8388a/client/site_tests/security_ASLR/security_ASLR.py

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/1fc22b65d467765581e6eee54fd6e1a9339f4a08

commit 1fc22b65d467765581e6eee54fd6e1a9339f4a08
Author: Mattias Nissler <mnissler@chromium.org>
Date: Wed May 30 00:15:22 2018

sys-process/procps: Uprev to 3.3.15-r1

Bring in a new version from upstream with various fixes. Only changes vs.
upstream is the usual KEYWORDS=* adjustment.

BUG= chromium:846262 
TEST=Builds and passes tests.
CQ-DEPEND=CL:1075187

Change-Id: Id55eff5798e01b3e5371d3ef0090f48a4b055264
Reviewed-on: https://chromium-review.googlesource.com/1070977
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/1fc22b65d467765581e6eee54fd6e1a9339f4a08/sys-process/procps/Manifest
[delete] https://crrev.com/3d704a7ed845873a95da607c1936022161e6a028/sys-process/procps/files/procps-3.3.12-strtod_nol_err.patch
[add] https://crrev.com/1fc22b65d467765581e6eee54fd6e1a9339f4a08/sys-process/procps/procps-3.3.15-r1.ebuild
[delete] https://crrev.com/3d704a7ed845873a95da607c1936022161e6a028/sys-process/procps/files/procps-3.3.8-kill-neg-pid.patch
[delete] https://crrev.com/3d704a7ed845873a95da607c1936022161e6a028/sys-process/procps/procps-3.3.12.ebuild

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot