Google Git
Sign in
gfiber / vendor / google / minijail / bce609d2455ca98c0f3c75fd2a791b522d1b41e4
commitbce609d2455ca98c0f3c75fd2a791b522d1b41e4[log] [tgz]
authorRicky Zhou <rickyz@google.com>Wed Mar 02 21:47:56 2016 -0800
committerRicky Zhou <rickyz@chromium.org>Wed Mar 02 21:59:57 2016 -0800
tree1217f7c9f2b0d2c7ebece8e493dce9ebc0122ba2
parent7ea269e060ec85eaf94ccf95033a6a6857fcff4e [diff]
Do not leak outside root dir fd into the child.

Also adds O_CLOEXEC to all open calls to be on the safe side.  In the
future, we should look into doing some sanity checks before execve like
Chromium's sandbox does:
https://code.google.com/p/chromium/codesearch#chromium/src/sandbox/linux/services/credentials.cc&l=320

If we want to further prevent people from shooting themselves in the
foot, we could also check that no fds are open, except for duping
/dev/null over 0, 1, and 2.

TEST=Built and tested that an fd to / is not leaked.

Bug: None
Change-Id: I41993a6aec9ce48bd34d191c3949f313ba80ca73
1 file changed
tree: 1217f7c9f2b0d2c7ebece8e493dce9ebc0122ba2
  1. examples/
  2. test/
  3. tools/
  4. .clang-format
  5. Android.mk
  6. arch.h
  7. bpf.c
  8. bpf.h
  9. common.mk
  10. CPPLINT.cfg
  11. elfparse.c
  12. elfparse.h
  13. gen_constants.sh
  14. gen_syscalls.sh
  15. libconstants.h
  16. libminijail-private.h
  17. libminijail.c
  18. libminijail.h
  19. libminijail.pc.in
  20. libminijail_unittest.c
  21. libminijailpreload.c
  22. libsyscalls.h
  23. Makefile
  24. minijail0.1
  25. minijail0.5
  26. minijail0.c
  27. MODULE_LICENSE_BSD
  28. NOTICE
  29. OWNERS
  30. platform2_preinstall.sh
  31. PRESUBMIT.cfg
  32. signal_handler.c
  33. signal_handler.h
  34. syscall_filter.c
  35. syscall_filter.h
  36. syscall_filter_unittest.c
  37. test_harness.h
  38. util.c
  39. util.h