| Field | Value | |
|---|---|---|
| commit | bce609d2455ca98c0f3c75fd2a791b522d1b41e4 | |
| author | Ricky Zhou <rickyz@google.com> | Wed Mar 02 21:47:56 2016 -0800 |
| committer | Ricky Zhou <rickyz@chromium.org> | Wed Mar 02 21:59:57 2016 -0800 |
| tree | 1217f7c9f2b0d2c7ebece8e493dce9ebc0122ba2 | |
| parent | 7ea269e060ec85eaf94ccf95033a6a6857fcff4e | |
Do not leak outside root dir fd into the child.

Also adds O_CLOEXEC to all open calls to be on the safe side.

In the future, we should look into doing some sanity checks before execve like Chromium's sandbox does: https://code.google.com/p/chromium/codesearch#chromium/src/sandbox/linux/services/credentials.cc&l=320

If we want to further prevent people from shooting themselves in the foot, we could also check that no fds are open, except for duping /dev/null over 0, 1, and 2.

TEST=Built and tested that an fd to / is not leaked.

Bug: None
Change-Id: I41993a6aec9ce48bd34d191c3949f313ba80ca73
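The commit message describes two defensive measures: opening every descriptor with O_CLOEXEC so it cannot survive execve, and (as a future idea) verifying before execve that nothing except a /dev/null-backed 0, 1 and 2 is still open. The following is an added illustration of both, written for this page; it is not code from this commit or from the project, and the function names (`open_cloexec`, `fd_leaks_across_exec`, `count_inheritable_fds`, `redirect_stdio_to_devnull`) are my own. It assumes a Linux or other POSIX system where `fcntl(F_GETFD)` reports FD_CLOEXEC and `/dev/null` exists.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Open a path with O_CLOEXEC added, so the descriptor is closed
 * automatically when the process calls execve. Setting the flag in the
 * same syscall avoids the window where a concurrent fork+exec in another
 * thread could inherit an fd that has not yet been marked with FD_CLOEXEC. */
int open_cloexec(const char *path, int flags) {
    return open(path, flags | O_CLOEXEC);
}

/* Returns 1 if fd is open and would be inherited by an exec'd child
 * (FD_CLOEXEC not set), 0 if it is closed or marked close-on-exec,
 * and -1 on an unexpected fcntl error. */
int fd_leaks_across_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) {
        return errno == EBADF ? 0 : -1;
    }
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Pre-exec sanity check in the spirit of the one the commit message
 * proposes: count descriptors at or above 3 that would leak into the child.
 * Scans the whole descriptor table with fcntl rather than reading
 * /proc/self/fd, so it works even where /proc is not mounted. */
int count_inheritable_fds(void) {
    long max_fd = sysconf(_SC_OPEN_MAX);
    if (max_fd < 0) {
        max_fd = 1024; /* fallback if the limit is not reported */
    }
    int count = 0;
    for (long fd = 3; fd < max_fd; fd++) {
        if (fd_leaks_across_exec((int)fd) == 1) {
            count++;
        }
    }
    return count;
}

/* Point stdin, stdout and stderr at /dev/null, which is the one exception
 * the commit message allows. dup2 clears FD_CLOEXEC on the target, so
 * 0, 1 and 2 intentionally remain inheritable. Returns 0 on success. */
int redirect_stdio_to_devnull(void) {
    int null_fd = open("/dev/null", O_RDWR | O_CLOEXEC);
    if (null_fd < 0) {
        return -1;
    }
    int rc = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (dup2(null_fd, fd) < 0) {
            rc = -1;
        }
    }
    if (null_fd > 2) {
        close(null_fd); /* the temporary fd itself must not linger */
    }
    return rc;
}

int main(void) {
    /* Constructed demonstration: an fd to "/" without O_CLOEXEC leaks,
     * the same open with O_CLOEXEC does not. */
    int leaky = open("/", O_RDONLY | O_DIRECTORY);
    int safe = open_cloexec("/", O_RDONLY | O_DIRECTORY);
    printf("leaky fd inheritable: %d\n", fd_leaks_across_exec(leaky));
    printf("cloexec fd inheritable: %d\n", fd_leaks_across_exec(safe));
    printf("inheritable fds >= 3: %d\n", count_inheritable_fds());
    close(leaky);
    close(safe);
    return 0;
}
```

In a real sandbox launcher the check would run between `fork` and `execve`, refusing to exec (or closing the offending descriptors) when `count_inheritable_fds()` is non-zero, after `redirect_stdio_to_devnull()` has set up the three permitted descriptors.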