author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-10 19:14:31 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-10 19:14:31 +0000 |
commit | 87f8ce656196b6e6e2cd87e379891128b45b2174 (patch) | |
tree | 3871ea1ceae1420ccfb91feaf1083b35ed897b25 | |
parent | 7230383320eb3407930134300f1f9ed9c62d7f00 (diff) | |
Linux: don't bother passing the chroot directory fd to the zygote.
Markus pointed out that the cwd was already shared between the chroot
helper process and the zygote, so we could avoid the complexity of
passing the file descriptor and, in addition, make the directory
mode 0000.
http://codereview.chromium.org/155366
BUG=16363
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20398 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/browser/zygote_main_linux.cc | 18 | ||||
-rw-r--r-- | sandbox/linux/suid/sandbox.cc | 22 |
2 files changed, 5 insertions, 35 deletions
diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc
index 9b8ef98..08f730e 100644
--- a/chrome/browser/zygote_main_linux.cc
+++ b/chrome/browser/zygote_main_linux.cc
@@ -221,29 +221,15 @@ static bool MaybeEnterChroot() {
 }
 char reply;
- std::vector<int> fds;
- if (!base::RecvMsg(fd, &reply, 1, &fds)) {
+ if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) {
 LOG(ERROR) << "Failed to read from chroot pipe: " << errno;
 return false;
 }
+
 if (reply != kChrootMeSuccess) {
 LOG(ERROR) << "Error code reply from chroot helper";
- for (size_t i = 0; i < fds.size(); ++i)
- HANDLE_EINTR(close(fds[i]));
- return false;
- }
- if (fds.size() != 1) {
- LOG(ERROR) << "Bad number of file descriptors from chroot helper";
- for (size_t i = 0; i < fds.size(); ++i)
- HANDLE_EINTR(close(fds[i]));
- return false;
- }
- if (fchdir(fds[0]) == -1) {
- LOG(ERROR) << "Failed to chdir to root directory: " << errno;
- HANDLE_EINTR(close(fds[0]));
 return false;
 }
- HANDLE_EINTR(close(fds[0]));
 static const int kMagicSandboxIPCDescriptor = 5;
 SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor);
diff --git a/sandbox/linux/suid/sandbox.cc b/sandbox/linux/suid/sandbox.cc
index abd066c..0119882 100644
--- a/sandbox/linux/suid/sandbox.cc
+++ b/sandbox/linux/suid/sandbox.cc
@@ -78,8 +78,7 @@ static int CloneChrootHelperProcess() {
 }
 rmdir(temp_dir);
- fchown(chroot_dir_fd, 0, 0);
- fchmod(chroot_dir_fd, 0555);
+ fchown(chroot_dir_fd, 0 /* root */, 0 /* root */);
 // We share our files structure with an untrusted process. As a security in
 // depth measure, we make sure that we can't open anything by mistake.
@@ -108,6 +107,7 @@ static int CloneChrootHelperProcess() {
 if (fchdir(chroot_dir_fd)) FatalError("Cannot chdir into chroot temp directory");
+ fchmod(chroot_dir_fd, 0000 /* no-access */);
 struct stat st;
 if (stat(".", &st))
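Review bot: After the `reply != kChrootMeSuccess` check, MaybeEnterChroot now reports success without changing directory itself, so the zygote's confinement rests entirely on the helper's chdir/chroot taking effect in this process through shared filesystem state, and nothing in the new code says so. A comment at that point, such as `// The chroot helper shares our cwd, so its chdir into the chroot directory already applies here; no directory fd is received.`, would keep a later refactor from breaking the invariant unnoticed. Separately, the new `HANDLE_EINTR(read(fd, &reply, 1)) != 1` test also fails when read() returns 0 (helper closed the pipe), and in that case the logged `errno` is stale; distinguishing the two cases in the message would make sandbox start-up failures easier to diagnose. The body of MaybeEnterChroot starts and continues outside the hunk.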
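Review bot: Both `fchown(chroot_dir_fd, 0 /* root */, 0 /* root */)` in the hunk at -78 and the new `fchmod(chroot_dir_fd, 0000 /* no-access */)` in the hunk at -108 discard their return values, while the neighbouring `fchdir` failure goes through `FatalError`. The 0000 mode is only a meaningful restriction if root really owns the directory, since an owner can change the mode back, so a silent fchown failure would weaken the measure. Checking both calls, e.g. `if (fchmod(chroot_dir_fd, 0000 /* no-access */)) FatalError("Cannot chmod chroot temp directory");` and the same pattern for fchown, keeps the failure handling consistent. Whether the `stat(".")` checks that follow, outside the hunk, already catch a wrong owner or mode cannot be seen from here. CloneChrootHelperProcess starts and ends outside both hunks.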
@@ -124,23 +124,7 @@ static int CloneChrootHelperProcess() {
 const char reply = kMsgChrootSuccessful;
 do {
- struct msghdr msg = {0};
- struct iovec iov = {(char *) &reply, 1};
-
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- char control_buffer[CMSG_SPACE(sizeof(int))];
- msg.msg_control = control_buffer;
- msg.msg_controllen = sizeof(control_buffer);
- struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_RIGHTS;
- cmsg->cmsg_len = CMSG_LEN(sizeof(int));
- memcpy(CMSG_DATA(cmsg), &chroot_dir_fd, sizeof(int));
- msg.msg_controllen = cmsg->cmsg_len;
-
- bytes = sendmsg(sv[0], &msg, 0);
+ bytes = write(sv[0], &reply, 1);
 } while (bytes == -1 && errno == EINTR);
 if (bytes != 1) |
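Review bot: With the SCM_RIGHTS message gone, `chroot_dir_fd` has no remaining consumer after the `fchdir`/`fchmod` calls earlier in CloneChrootHelperProcess, and no `close(chroot_dir_fd)` is visible anywhere in this commit. A comment earlier in the function says the files structure is shared with an untrusted process; if that covers this descriptor, a handle on the chroot directory would stay reachable there for longer than needed. Adding `close(chroot_dir_fd);` once the directory has been entered and its mode set, or a comment explaining why the descriptor is kept, would settle the question. The function body continues outside the hunk, so the close may already exist further down.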