Issue 1724002: Linux multiprocess crash reporter: use pipe instead of socketpair in the client.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s :	save comment
<Esc> :	cancel edit

Issue 1724002: Linux multiprocess crash reporter: use pipe instead of socketpair in the client. (Closed)

Can't Edit
Can't Publish+Mail
Start Review

Created:
10 years, 2 months ago by Jed Davis

Modified:
10 years ago

Reviewers:
Ted Mielczarek

CC:
google-breakpad-dev_googlegroups.com

Visibility:
Public.

More Reviews

Description

This makes the Linux multiprocess crash generation client easier to sandbox with
seccomp-bpf when chrooting and namespaces can't be used: if sendmsg and
socketpair are both allowed, then the process can send to arbitrary Unix-domain
named datagram sockets, which is potentially bad.  The filter can't inspect
socket-related calls' arguments on 32-bit x86 (see the socketcall(2) man page),
which includes the "type" parameter to socketpair(2).

Thus, this patch replaces the socket pair with a pipe.  This depends on issue
7724002 (although it's possible to adjust the code in question rather than
deleting it, if need be).

The other socket dependency is that the server sends a single byte to the child
with the MSG_DONTWAIT | MSG_NOSIGNAL flags — but the child ignores whether or
not that byte was read, so it suffices to simply close the fd and let the child
encounter end-of-file.  This patch does that.

Patch Set 1 #

Created: 10 years, 2 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats			Patch
	M	src/client/linux/crash_generation/crash_generation_client.cc	View		1 chunk	+1 line, -1 line	0 comments	Download
	M	src/client/linux/crash_generation/crash_generation_server.cc	View		1 chunk	+1 line, -8 lines	0 comments	Download

Messages

Total messages: 1

Expand All Messages | Collapse All Messages

LGTM

Expand All Messages | Collapse All Messages