authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-07-15 02:08:45 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-07-15 02:08:45 +0000
commit48569688925a28c99ce3b92ffcd81b0c3f407c15 (patch)
treedb711e99dfce0f60acbc24f28794bc4f7ca46675
parent214d0fde9003f6057ec81ba54929f4ea2d2da1fb (diff)
Linux: various sandbox changes
* In development mode, don't let the sandbox run SUID or SGID binaries * Only obey CHROME_DEVEL_SANDBOX if the binary's owner UID matches the real UID. * Change the default sandbox path to save those who do nothing. R=markus git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20710 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/zygote_host_linux.cc13
-rw-r--r--sandbox/linux/suid/sandbox.cc6
2 files changed, 16 insertions, 3 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index d48f9da..108348f 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -25,7 +25,9 @@
// Previously we just looked for the binary next to the Chromium binary. But
// this breaks people who do a build-all.
// NOTE packagers: change this.
-static const char kSandboxBinary[] = "/opt/google/chrome/chrome-sandbox";
+
+// static const char kSandboxBinary[] = "/opt/google/chrome/chrome-sandbox";
+static const char kSandboxBinary[] = "/false";
ZygoteHost::ZygoteHost() {
std::wstring chrome_path;
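Review bot: The new default `"/false"` on the `kSandboxBinary` line is evidently a path that is not meant to exist, but the comment above does not say so, and `// NOTE packagers: change this` now sits over a commented-out line, so a packager has to reconstruct the intent from the commit message. I would replace the commented-out old value with the reason: `// Deliberately a path that cannot exist: an unpackaged build must not silently pick up whatever happens to be installed at /opt/google/chrome/chrome-sandbox. Packagers: point this at the installed SUID helper (e.g. /opt/google/chrome/chrome-sandbox).` A sentence naming the symptom of leaving it unchanged would also help, though what the constructor does when the path is missing is outside this hunk (presumably the browser runs without the SUID sandbox). `ZygoteHost::ZygoteHost()` begins here and continues past the end of the hunk.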
@@ -47,11 +49,16 @@ ZygoteHost::ZygoteHost() {
cmd_line.PrependWrapper(prefix);
}
- const char* sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
+ const char* sandbox_binary = NULL;
+ struct stat st;
+ if (stat("/proc/self/exe", &st) == 0 &&
+ st.st_uid == getuid()) {
+ sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
+ }
+
if (!sandbox_binary)
sandbox_binary = kSandboxBinary;
- struct stat st;
if (stat(sandbox_binary, &st) == 0) {
if (access(sandbox_binary, X_OK) == 0 &&
(st.st_mode & S_ISUID) &&
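Review bot: The guard at the `st.st_uid == getuid()` line trusts an environment-supplied path to a SUID helper only when the running binary is owned by the real user, but nothing in the code says why, and the choice of `getuid()` over `geteuid()` is what makes it work for a binary that is itself running setuid (there the effective uid would match the root owner and the check would pass); I would put that above the `stat("/proc/self/exe", &st)` call: `// CHROME_DEVEL_SANDBOX names a SUID helper we will exec, so honour it only when this binary is the real user's own (development) build; compare the owner with the real uid, never the effective one, and let a stat() failure fall back to the built-in path.` Separately, an exported-but-empty `CHROME_DEVEL_SANDBOX=` is not treated as unset: `getenv` returns `""`, the `if (!sandbox_binary)` fallback is skipped, and the later `stat("")` simply fails, so the built-in path is never tried; `if (!sandbox_binary || !*sandbox_binary)` closes that. What happens when `stat(sandbox_binary, &st)` fails, and the rest of the constructor, lie outside the hunk.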
diff --git a/sandbox/linux/suid/sandbox.cc b/sandbox/linux/suid/sandbox.cc
index 2c4a2fa..e784d87 100644
--- a/sandbox/linux/suid/sandbox.cc
+++ b/sandbox/linux/suid/sandbox.cc
@@ -256,6 +256,12 @@ int main(int argc, char **argv) {
return 1;
}
+ if ((S_ISUID | S_ISGID) & st.st_mode) {
+ fprintf(stderr, "The development sandbox is refusing to run %s because it "
+ "is SUID or SGID\n", argv[1]);
+ return 1;
+ }
+
char proc_fd_buffer[128];
snprintf(proc_fd_buffer, sizeof(proc_fd_buffer), "/proc/self/fd/%d", binary_fd);
argv[1] = proc_fd_buffer;
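Review bot: The SUID/SGID test on the `(S_ISUID | S_ISGID) & st.st_mode` line is only as strong as the origin of `st`, which is outside the hunk: if `st` was filled by `fstat(binary_fd, ...)` on the descriptor that `/proc/self/fd/%d` will later exec, the check is race-free, but if it came from a `stat()` of the `argv[1]` path, the file can be swapped between the check and the exec. A comment pinning that dependency would keep a later refactor from breaking it: `// st must describe binary_fd itself (fstat), not the path in argv[1], so the bits checked are those of the file exec'd below.` Mode bits also do not cover file capabilities (the security.capability xattr), which confer privilege on exec just as a SUID bit does, so if the intent is "never run a privilege-gaining binary" that gap deserves a note or an explicit check. Finally, the message calls this "the development sandbox" while the rejection is unconditional in the visible lines; if this code is not already inside a development-mode branch, the wording (and the commit message's "in development mode") does not match what the check does.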