author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-08 01:15:14 +0000 |
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-08 01:15:14 +0000 |
commit | 4378a822c0f819edb40d6903a9fa363d7c72c84d (patch) | |
tree | a67ad84d03f67605dd636d1ad913d487db0e348f /chrome/browser/zygote_host_linux.cc | |
parent | 0e0b9771cc4fe496403a49126ec7cfa6c422a6d0 (diff) | |
Linux: SUID sandbox support
* Make processes dumpable when they crash.
* Find crashing processes by searching for a socket inode, rather
than relying on SCM_CREDENTIALS. The kernel doesn't translate PIDs
between PID namespaces with SCM_CREDENTIALS, so we can't use the
PID there.
* Use a command line flag to the renderer to enable crash dumping.
Previously it tried to access the user's home directory for this
information.
* Search for a sandbox helper binary and, if found, use it.
* Include the source for a sandbox helper binary. It's currently not
built by default.
http://codereview.chromium.org/149230
R=evan,markus
BUG=8081
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20110 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/zygote_host_linux.cc')
-rw-r--r-- | chrome/browser/zygote_host_linux.cc | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index afa55da..905b98f 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -7,6 +7,7 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 
 #include "base/command_line.h"
 #include "base/eintr_wrapper.h"
@@ -14,11 +15,18 @@
 #include "base/path_service.h"
 #include "base/pickle.h"
 #include "base/process_util.h"
+#include "base/string_util.h"
 #include "base/unix_domain_socket_posix.h"
 
 #include "chrome/browser/renderer_host/render_sandbox_host_linux.h"
+#include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 
+// Previously we just looked for the binary next to the Chromium binary. But
+// this breaks people who do a build-all.
+// NOTE packagers: change this.
+static const char kSandboxBinary[] = "/opt/google/chrome/chrome-sandbox";
+
 ZygoteHost::ZygoteHost() {
   std::wstring chrome_path;
   CHECK(PathService::Get(base::FILE_EXE, &chrome_path));
@@ -39,6 +47,27 @@ ZygoteHost::ZygoteHost() {
     cmd_line.PrependWrapper(prefix);
   }
 
+  const std::string kSandboxPath =
+      WideToASCII(std::wstring(L"/var/run/") +
+                  chrome::kBrowserProcessExecutableName +
+                  L"-sandbox");
+
+  struct stat st;
+  if (stat(kSandboxBinary, &st) == 0) {
+    if (access(kSandboxBinary, X_OK) == 0 &&
+        (st.st_mode & S_ISUID) &&
+        (st.st_mode & S_IXOTH) &&
+        access(kSandboxPath.c_str(), F_OK) == 0) {
+      cmd_line.PrependWrapper(kSandboxBinary);
+    } else {
+      LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
+                    "configured correctly. Rather than run without sandboxing "
+                    "I'm aborting now. You need to make sure that "
+                 << kSandboxBinary << " is mode 4755 and that "
+                 << kSandboxPath << " exists";
+    }
+  }
+
   // Start up the sandbox host process and get the file descriptor for the
   // renderers to talk to it.
   const int sfd = Singleton<RenderSandboxHostLinux>()->GetRendererSocket();
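Review bot: The configuration check in the third hunk tests S_ISUID and S_IXOTH on kSandboxBinary but never checks who owns it, so a setuid helper owned by an unprivileged user passes the check and is prepended as the wrapper, even though the LOG(FATAL) text asks for "mode 4755", which only has the intended effect when the owner is root; add `(st.st_uid == 0) &&` to the condition and mention root ownership in the message. When `stat` fails the constructor continues silently and renderers are launched without the SUID sandbox, which is the stated intent of the commit but leaves no trace; a `LOG(WARNING) << "SUID sandbox helper not found at " << kSandboxBinary;` in that path would make the unsandboxed state visible in logs. The stat/access checks are performed here while the helper is executed later, so they are a configuration sanity check rather than a guarantee. ZygoteHost::ZygoteHost() begins and ends outside this hunk.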