Issue 909920 link

Starred by 1 user

Issue metadata

Status:	Untriaged
Owner:	----
Cc:	xzhou@chromium.org
Components:	Platform>Apps>ARC
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	3
Type:	Bug

Add some kind of sanity checking for CONTAINER_PID env var in arc-sensor.conf

Project Member Reported by mortonm@chromium.org, Nov 28

Issue description

Any services that have method_call EmitEvent privs on the D-Bus com.ubuntu.Upstart send_destination (com.ubuntu.Upstart0_6 send_interface) can cause arc-sensor.conf to run the mknod command in the context of the namespace of any arbitrary process, which is bad in the case that said namespace bind mounts (controls) the program at /system/bin/mknod.

We should add some kind of sanity checking here if possible. This is a follow-up of crbug.com/884917.

Comment 1 by mortonm@chromium.org, Nov 28

Code pointer here: https://chromium.googlesource.com/chromiumos/platform2/+/master/arc/setup/etc/arc-sensor.conf#60

Comment 2 by vapier@chromium.org, Nov 28

Components: -OS>Systems>Containers Platform>Apps>ARC

Comment 3 by louiscollard@chromium.org, Dec 12

Components: -OS>Systems>Security

►

Issue 909920 link

Issue metadata

Add some kind of sanity checking for CONTAINER_PID env var in arc-sensor.conf

Issue description

Comment 1 by mortonm@chromium.org, Nov 28

Comment 1 Deleted

Comment 2 by vapier@chromium.org, Nov 28

Comment 2 Deleted

Comment 3 by louiscollard@chromium.org, Dec 12

Comment 3 Deleted

Sign in to add a comment