Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(33)

Issue 1724002: Linux multiprocess crash reporter: use pipe instead of socketpair in the client. (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
6 years, 8 months ago by Jed Davis
Modified:
6 years, 6 months ago
Reviewers:
Ted Mielczarek
CC:
google-breakpad-dev_googlegroups.com
Visibility:
Public.

Description

This makes the Linux multiprocess crash generation client easier to sandbox with
seccomp-bpf when chrooting and namespaces can't be used: if sendmsg and
socketpair are both allowed, then the process can send to arbitrary Unix-domain
named datagram sockets, which is potentially bad.  The filter can't inspect
socket-related calls' arguments on 32-bit x86 (see the socketcall(2) man page),
which includes the "type" parameter to socketpair(2).

Thus, this patch replaces the socket pair with a pipe.  This depends on issue
7724002 (although it's possible to adjust the code in question rather than
deleting it, if need be).

The other socket dependency is that the server sends a single byte to the child
with the MSG_DONTWAIT | MSG_NOSIGNAL flags — but the child ignores whether or
not that byte was read, so it suffices to simply close the fd and let the child
encounter end-of-file.  This patch does that.

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats Patch
M src/client/linux/crash_generation/crash_generation_client.cc View 1 chunk +1 line, -1 line 0 comments Download
M src/client/linux/crash_generation/crash_generation_server.cc View 1 chunk +1 line, -8 lines 0 comments Download

Messages

Total messages: 1
Ted Mielczarek
6 years, 7 months ago #1
LGTM
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1004:630ec63f810e-tainted