diff options
| author | thestig@chromium.org <thestig@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-01 07:01:20 +0000 |
|---|---|---|
| committer | thestig@chromium.org <thestig@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-01 07:01:20 +0000 |
| commit | 8d518af0634a01ff4a78479bef43d880259949ca (patch) | |
| tree | fc778a6507a390a1010910b5e413467af1636f4a | |
| parent | 24e86f4ff7cdf8019b61862eeee2e9b9f4b9d27c (diff) | |
| download | chromium_src-8d518af0634a01ff4a78479bef43d880259949ca.zip chromium_src-8d518af0634a01ff4a78479bef43d880259949ca.tar.gz chromium_src-8d518af0634a01ff4a78479bef43d880259949ca.tar.bz2 | |
Clean out leftover bits of the path-based Linux SUID sandbox.
TEST=none
BUG=none
Review URL: http://codereview.chromium.org/181030
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25019 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | build/common.gypi | 14 | ||||
| -rw-r--r-- | sandbox/linux/suid/sandbox.c | 4 | ||||
| -rw-r--r-- | sandbox/sandbox.gyp | 10 |
3 files changed, 0 insertions, 28 deletions
diff --git a/build/common.gypi b/build/common.gypi index a574b2a..4b95643 100644 --- a/build/common.gypi +++ b/build/common.gypi @@ -98,25 +98,11 @@ 'chromeos%': 0, - # Set the restrictions on the SUID sandbox binary. - # Path: only exec the hard coded chrome binary path - # User: only exec binaries owned by the running user. - # - # Developers should read - # http://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment - 'linux_suid_sandbox_restrictions%': 'Path', - # This is the location of the sandbox binary. Chrome looks for this before # running the zygote process. If found, and SUID, it will be used to # sandbox the zygote process and, thus, all renderer processes. 'linux_sandbox_path%': '', - # If |linux_suid_sandbox_restrictions|, above, is 'Path' then only a single - # path is allowed to be exec'ed by the sandbox for security reasons. That - # path is set here. It should be the final location of the Chromium binary - # on the system. - 'linux_sandbox_chrome_path%': '/opt/google/chrome/chrome', - 'conditions': [ ['OS=="linux"', { 'conditions': [ diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c index 992ee54f..c16045a 100644 --- a/sandbox/linux/suid/sandbox.c +++ b/sandbox/linux/suid/sandbox.c @@ -29,10 +29,6 @@ #define CLONE_NEWPID 0x20000000 #endif -#if defined(LINUX_SANDBOX_CHROME_PATH) -static const char kChromeBinary[] = LINUX_SANDBOX_CHROME_PATH; -#endif - static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D"; // These are the magic byte values which the sandboxed process uses to request diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp index ee7bf85..e389171 100644 --- a/sandbox/sandbox.gyp +++ b/sandbox/sandbox.gyp @@ -12,16 +12,6 @@ { 'target_name': 'chrome_sandbox', 'type': 'executable', - 'conditions': [ - ['linux_suid_sandbox_restrictions=="User"', - { - 'defines': [ 'CHROME_DEVEL_SANDBOX' ], - }, - ], - ], - 'defines': [ - 'LINUX_SANDBOX_CHROME_PATH="<(linux_sandbox_chrome_path)"', - ], 'sources': [ 'linux/suid/sandbox.c', ], |