author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-08 01:15:14 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-08 01:15:14 +0000 |
commit | 4378a822c0f819edb40d6903a9fa363d7c72c84d (patch) | |
tree | a67ad84d03f67605dd636d1ad913d487db0e348f /chrome/app | |
parent | 0e0b9771cc4fe496403a49126ec7cfa6c422a6d0 (diff) | |
Linux: SUID sandbox support
* Make processes dumpable when they crash.
* Find crashing processes by searching for a socket inode, rather
than relying on SCM_CREDENTIALS. The kernel doesn't translate PIDs
between PID namespaces with SCM_CREDENTIALS, so we can't use the
PID there.
* Use a command line flag to the renderer to enable crash dumping.
Previously it tried to access the user's home directory for this
information.
* Search for a sandbox helper binary and, if found, use it.
* Include the source for a sandbox helper binary. It's currently not
built by default.
http://codereview.chromium.org/149230
R=evan,markus
BUG=8081
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20110 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/app')
-rw-r--r-- | chrome/app/breakpad_linux.cc | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/chrome/app/breakpad_linux.cc b/chrome/app/breakpad_linux.cc
index 598ad28..8d8492e 100644
--- a/chrome/app/breakpad_linux.cc
+++ b/chrome/app/breakpad_linux.cc
@@ -479,16 +479,12 @@ RendererCrashHandler(const void* crash_context, size_t crash_context_size,
 void* context) {
 const int fd = (int) context;
 int fds[2];
- pipe(fds);
+ socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
 // The length of the control message:
- static const unsigned kControlMsgSize =
- CMSG_SPACE(sizeof(int)) + CMSG_SPACE(sizeof(struct ucred));
+ static const unsigned kControlMsgSize = CMSG_SPACE(sizeof(int));
- union {
- struct kernel_msghdr msg;
- struct msghdr sys_msg;
- };
+ struct kernel_msghdr msg;
 my_memset(&msg, 0, sizeof(struct kernel_msghdr));
 struct kernel_iovec iov[3];
 iov[0].iov_base = const_cast<void*>(crash_context);
@@ -510,14 +506,6 @@ RendererCrashHandler(const void* crash_context, size_t crash_context_size,
 hdr->cmsg_type = SCM_RIGHTS;
 hdr->cmsg_len = CMSG_LEN(sizeof(int));
 *((int*) CMSG_DATA(hdr)) = fds[1];
- hdr = CMSG_NXTHDR(&sys_msg, hdr);
- hdr->cmsg_level = SOL_SOCKET;
- hdr->cmsg_type = SCM_CREDENTIALS;
- hdr->cmsg_len = CMSG_LEN(sizeof(struct ucred));
- struct ucred *cred = reinterpret_cast<struct ucred*>(CMSG_DATA(hdr));
- cred->uid = getuid();
- cred->gid = getgid();
- cred->pid = getpid();
 HANDLE_EINTR(sys_sendmsg(fd, &msg, 0));
 sys_close(fds[1]);
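Review bot: The return value of `socketpair(AF_UNIX, SOCK_STREAM, 0, fds)` in the first hunk is ignored, so if the call fails in the crashing renderer (descriptor exhaustion is a plausible case) `fds[1]` is still uninitialized when the second hunk's context line `*((int*) CMSG_DATA(hdr)) = fds[1];` places it in the SCM_RIGHTS message and when `sys_close(fds[1])` runs. I would guard it with `if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0)` and take the handler's failure return there; the return type is not visible because RendererCrashHandler starts and ends outside both hunks. The neighbouring calls are `sys_sendmsg`, `sys_close` and `my_memset`, which suggests the handler avoids libc on purpose, so it is worth checking whether the same syscall-wrapper layer offers a socketpair equivalent to use here. Since the commit message says the receiver now locates the crashing process from this socket's inode, a missing or wrong descriptor presumably also means the dump cannot be attributed to a process.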
@@ -538,17 +526,21 @@ void EnableRendererCrashDumping() { } void InitCrashReporter() { - if (!GoogleUpdateSettings::GetCollectStatsConsent()) - return; - // Determine the process type and take appropriate action. const CommandLine& parsed_command_line = *CommandLine::ForCurrentProcess(); const std::wstring process_type = parsed_command_line.GetSwitchValue(switches::kProcessType); if (process_type.empty()) { + if (!GoogleUpdateSettings::GetCollectStatsConsent()) + return; EnableCrashDumping(); } else if (process_type == switches::kRendererProcess || process_type == switches::kZygoteProcess) { + // We might be chrooted in a zygote or renderer process so we cannot call + // GetCollectStatsConsent because that needs access the the user's home + // dir. Instead, we set a command line flag for these processes. + if (!parsed_command_line.HasSwitch(switches::kRendererCrashDump)) + return; EnableRendererCrashDumping(); } } |
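Review bot: The comment added in the renderer/zygote branch of InitCrashReporter explains why `GetCollectStatsConsent()` cannot be called there, but not what replaces it, so the consent guarantee for sandboxed children is now implicit. After this change crash dumping in those processes depends only on `switches::kRendererCrashDump` being present, which means the code that builds the child command line must add the switch only when the user has consented; that code is outside this diff and cannot be confirmed from here. I would state the invariant in the comment, for example `// The browser passes kRendererCrashDump only when the user has consented to stats collection; consent cannot be checked here because we may be chrooted.`, and fix the "needs access the the" typo in the same lines.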