src/sandbox · fe479fe79351475bc402f9216463e40fbba5c638 · Linshizhi / V8

[sandbox] Disallow executable pages inside the sandbox · 6e06d756

Samuel Groß authored Feb 15, 2022

These should not be allowed inside the sandbox as they could be
corrupted by an attacker, thus posing a security risk. Furthermore,
executable pages require MAP_JIT on macOS, which causes fork() to become
excessively slow, in turn causing tests to time out.
Due to this, the sandbox now requires the external code space.

In addition, this CL adds a max_page_permissions member to the
VirtualAddressSpace API to make it possible to verify the maximum
permissions of a subspace.

Bug: v8:10391
Change-Id: Ib9562ecff6f018696bfa25143113d8583d1ec6cd
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460406Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79119}

6e06d756

Name	Last commit	Last update
..
OWNERS		Loading commit data...
external-pointer-inl.h		Loading commit data...
external-pointer-table-inl.h		Loading commit data...
external-pointer-table.cc		Loading commit data...
external-pointer-table.h		Loading commit data...
external-pointer.h		Loading commit data...
sandbox.cc		Loading commit data...
sandbox.h		Loading commit data...
sandboxed-pointer-inl.h		Loading commit data...
sandboxed-pointer.h		Loading commit data...