From 43f7a588f96aaf88e7b69441c3b50bc9c7b20df7 Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Thu, 3 May 2018 05:55:15 +0200
Subject: Nuke the sandbox
---
 security/sandbox/linux/SandboxChroot.h | 66 ----------------------------------
 1 file changed, 66 deletions(-)
 delete mode 100644 security/sandbox/linux/SandboxChroot.h
(limited to 'security/sandbox/linux/SandboxChroot.h')
diff --git a/security/sandbox/linux/SandboxChroot.h b/security/sandbox/linux/SandboxChroot.h
deleted file mode 100644
index 3ad89b732..000000000
--- a/security/sandbox/linux/SandboxChroot.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_SandboxChroot_h
-#define mozilla_SandboxChroot_h
-
-#include
-
-#include "mozilla/Attributes.h"
-
-// This class uses the chroot(2) system call and Linux namespaces to
-// revoke the process's access to the filesystem. It requires that
-// the process be able to create user namespaces; this is the
-// kHasUserNamespaces in SandboxInfo.h.
-//
-// Usage: call Prepare() from a thread with CAP_SYS_CHROOT in its
-// effective capability set, then later call Invoke() when ready to
-// drop filesystem access. Prepare() creates a thread to do the
-// chrooting, so the caller can (and should!) drop its own
-// capabilities afterwards. When Invoke() returns, the thread will
-// have exited.
-//
-// (Exception: on Android/B2G <= KitKat, because of how pthread_join
-// is implemented, the thread may still exist, but it will not have
-// capabilities. Accordingly, on such systems, be careful about
-// namespaces or other resources the thread might have inherited.)
-//
-// Prepare() can fail (return false); for example, if it doesn't have
-// CAP_SYS_CHROOT or if it can't create a directory to chroot into.
-//
-// The root directory will be empty and deleted, so the process will
-// not be able to create new entries in it regardless of permissions.
-
-namespace mozilla {
-
-class SandboxChroot final {
-public:
- SandboxChroot();
- ~SandboxChroot();
- bool Prepare();
- void Invoke();
-private:
- enum Command {
- NO_THREAD,
- NO_COMMAND,
- DO_CHROOT,
- JUST_EXIT,
- };
-
- pthread_t mThread;
- pthread_mutex_t mMutex;
- pthread_cond_t mWakeup;
- Command mCommand;
- int mFd;
-
- void ThreadMain();
- static void* StaticThreadMain(void* aVoidPtr);
- bool SendCommand(Command aComm);
-};
-
-} // namespace mozilla
-
-#endif // mozilla_SandboxChroot_h
-- cgit v1.2.3