Linux: various sandbox changes

  * In development mode, don't let the sandbox run SUID or SGID
    binaries
  * Only obay CHROME_DEVEL_SANDBOX if the binary UID matches the
    read UID.
  * Change the default sandbox path to save those who do nothing.

R=markus


git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20710 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 10 insertions, 3 deletions

diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index d48f9da..108348f 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -25,7 +25,9 @@
 // Previously we just looked for the binary next to the Chromium binary. But
 // this breaks people who do a build-all.
 // NOTE packagers: change this.
-static const char kSandboxBinary[] = "/opt/google/chrome/chrome-sandbox";
+
+// static const char kSandboxBinary[] = "/opt/google/chrome/chrome-sandbox";
+static const char kSandboxBinary[] = "/false";
 
 ZygoteHost::ZygoteHost() {
   std::wstring chrome_path;
@@ -47,11 +49,16 @@ ZygoteHost::ZygoteHost() {
     cmd_line.PrependWrapper(prefix);
   }
 
-  const char* sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
+  const char* sandbox_binary = NULL;
+  struct stat st;
+  if (stat("/proc/self/exe", &st) == 0 &&
+      st.st_uid == getuid()) {
+    sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
+  }
+
   if (!sandbox_binary)
     sandbox_binary = kSandboxBinary;
 
-  struct stat st;
   if (stat(sandbox_binary, &st) == 0) {
     if (access(sandbox_binary, X_OK) == 0 &&
         (st.st_mode & S_ISUID) &&