|
|
Log in / Subscribe / Register

Google's Chromium sandbox

Google's Chromium sandbox

Posted Aug 19, 2009 15:58 UTC (Wed) by johill (subscriber, #25196)
Parent article: Google's Chromium sandbox

Hmm, the permitted list of syscalls needs comments.

Why, for example, can an untrusted process look into my filesystem using getdents() without any checking?

I think that file should come with comments as to why it is allowed, etc., because otherwise it's JUST a collection of arbitrary things, with that information at least it would be verifiable why/that it is needed.

to post comments

Google's Chromium sandbox

Posted Aug 19, 2009 16:32 UTC (Wed) by foom (subscriber, #14868) [Link]

Why, for example, can an untrusted process look into my filesystem using getdents() without any checking?
Presumably because getdents takes an already-open fd, and open is sandboxed.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds