gecko-dev/ipc/chromium
Jed Davis 0c5b23b47d Bug 1479960 - Add freezing of IPC shared memory. r=froydnj,kmag
This allows writing to shared memory and then making it read-only before
sharing it to other processes, such that a malicious sandboxed process
cannot regain write access.  This is currently available only in the
low-level base::SharedMemory interface.

The freeze operation exposes the common subset of read-only shared
memory that we can implement on all supported OSes: with some APIs
(POSIX shm_open) we can't revoke writeability from existing capabilities,
while for others (Android ashmem) we *must* revoke it.  Thus, we require
that the writeable capability not have been duplicated or shared to
another process, and consume it as part of freezing.  Also, because
some backends need special handling at creation time, freezeability must
be explicitly requested.

In particular, this doesn't allow giving an untrusted process read-only
access to memory that the original process can write.

Note that on MacOS before 10.12 this will use temporary files in order to
avoid an OS security bug that allows regaining write access; those OS
versions are no longer supported by Apple (but are supported by Firefox).

Depends on D26742

Differential Revision: https://phabricator.services.mozilla.com/D26743

--HG--
extra : moz-landing-system : lando
2019-08-14 22:48:34 +00:00
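The freeze pattern the commit message describes, reduced to plain POSIX on an unlinked temporary file (the fallback the message mentions for older macOS), as an added example that is not Mozilla's code and does not use the base::SharedMemory API. The function names (create_frozen, read_frozen, try_map_shared_writable, private_write_is_invisible, try_write, run_demo) and the /tmp path are invented for this demo; the length constant is arbitrary. It shows the two rules from the message in working code: the writable handle is consumed (closed) as part of freezing, and afterwards the only handle left cannot be mapped shared-writable or written through.

```c
/* Added example (not Mozilla's code): freezing a shared buffer on POSIX by
 * consuming the writable handle.  Names and paths are invented for the demo. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define FROZEN_LEN 4096   /* arbitrary buffer size for the demo */

/* Create the buffer, fill it through a writable handle, derive a read-only
 * handle, drop the name, and consume the writable handle.  Returns the
 * read-only fd, or -1 with errno set.  The writable fd never escapes. */
int create_frozen(const void *payload, size_t len)
{
    char path[] = "/tmp/frozen-shm-XXXXXX";
    int wfd, rfd = -1, saved;
    size_t done = 0;

    if (len > FROZEN_LEN) { errno = EINVAL; return -1; }
    wfd = mkstemp(path);                    /* mode 0600: same-uid only */
    if (wfd < 0) return -1;
    if (ftruncate(wfd, FROZEN_LEN) != 0) goto fail;

    while (done < len) {                    /* fill via the writable handle */
        ssize_t n = write(wfd, (const char *)payload + done, len - done);
        if (n <= 0) goto fail;
        done += (size_t)n;
    }

    /* Derive the read-only capability while the name still exists, then
     * unlink so nobody can reopen by name, then consume the writable fd.
     * This is the "not duplicated or shared, consumed on freeze" rule. */
    rfd = open(path, O_RDONLY | O_CLOEXEC);
    if (rfd < 0) goto fail;
    unlink(path);
    close(wfd);
    return rfd;

fail:
    saved = errno;
    unlink(path);
    close(wfd);
    if (rfd >= 0) close(rfd);
    errno = saved;
    return -1;
}

/* Read len bytes back through a shared read-only mapping.  0 on success. */
int read_frozen(int rfd, void *out, size_t len)
{
    void *p = mmap(NULL, FROZEN_LEN, PROT_READ, MAP_SHARED, rfd, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(out, p, len);
    munmap(p, FROZEN_LEN);
    return 0;
}

/* What a malicious receiver would try: a writable shared mapping of the
 * handle it was given.  Returns the errno (EACCES expected) or 0 if the
 * mapping succeeded, which would mean the freeze failed. */
int try_map_shared_writable(int rfd)
{
    void *p = mmap(NULL, FROZEN_LEN, PROT_READ | PROT_WRITE, MAP_SHARED, rfd, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, FROZEN_LEN);
    return 0;
}

/* write(2) through the read-only fd is refused too.  Returns errno or 0. */
int try_write(int rfd)
{
    char byte = 'X';
    if (write(rfd, &byte, 1) < 0) return errno;   /* EBADF expected */
    return 0;
}

/* Edge case: a PRIVATE writable mapping of a read-only fd is permitted, but
 * it is copy-on-write and never reaches the shared pages.  Returns 1 if a
 * write through it stayed invisible to a fresh read, 0 if visible, -1 on error. */
int private_write_is_invisible(int rfd)
{
    unsigned char before[8], after[8], *p;
    if (read_frozen(rfd, before, sizeof before) != 0) return -1;
    p = mmap(NULL, FROZEN_LEN, PROT_READ | PROT_WRITE, MAP_PRIVATE, rfd, 0);
    if (p == MAP_FAILED) return -1;
    p[0] ^= 0xff;                                 /* lands in a private copy */
    munmap(p, FROZEN_LEN);
    if (read_frozen(rfd, after, sizeof after) != 0) return -1;
    return memcmp(before, after, sizeof before) == 0;
}

/* Runs every check on a constructed payload; 0 means all held, otherwise the
 * number of the first failing step. */
int run_demo(void)
{
    static const char payload[] = "frozen payload";   /* constructed input */
    char buf[sizeof payload];
    int rfd = create_frozen(payload, sizeof payload), rc = 0;
    if (rfd < 0) return 1;
    if (read_frozen(rfd, buf, sizeof buf) != 0 ||
        memcmp(buf, payload, sizeof payload) != 0) rc = 2;
    else if (try_map_shared_writable(rfd) != EACCES) rc = 3;
    else if (try_write(rfd) != EBADF) rc = 4;
    else if (private_write_is_invisible(rfd) != 1) rc = 5;
    close(rfd);
    return rc;
}

int main(void)
{
    int rc = run_demo();
    printf(rc == 0 ? "freeze held\n" : "check %d failed\n", rc);
    return rc;
}
```

Two caveats match the message's "common subset" reasoning. Between mkstemp and unlink the name exists, so another same-uid process could open it writable in that window, and on Linux a process that can read /proc/self/fd can reopen an unlinked file with O_RDWR subject only to the inode's permission bits; those are the reasons a backend that actually revokes writeability (the message's ashmem case, or memfd sealing) is preferable where it exists, and why the fallback here needs the surrounding sandbox to deny those paths.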
src Bug 1479960 - Add freezing of IPC shared memory. r=froydnj,kmag 2019-08-14 22:48:34 +00:00
chromium-config.mozbuild Bug 1499041 - Remove libFuzzer flags from ipc/chromium/. r=froydnj 2019-07-24 14:13:30 +00:00
moz.build Bug 1499041 - Remove libFuzzer flags from ipc/chromium/. r=froydnj 2019-07-24 14:13:30 +00:00