Linux: propagate LD_LIBRARY_PATH through the SUID sandbox.

With the SUID sandbox, certain environment variables (esp
LD_LIBRARY_PATH) are cleared for security reasons. This means that the
child zygote process isn't run with the correct environment and can
fail to start.

BUG=16815


git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20733 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 0 deletions

diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index 108348f..fc8b981 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -64,6 +64,13 @@ ZygoteHost::ZygoteHost() {
         (st.st_mode & S_ISUID) &&
         (st.st_mode & S_IXOTH)) {
       cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary));
+
+      // SUID binaries clear LD_LIBRARY_PATH. However, the sandbox binary needs
+      // to run its child processes with the correct LD_LIBRARY_PATH so we save
+      // a copy here:
+      const char* ld_library_path = getenv("LD_LIBRARY_PATH");
+      if (ld_library_path)
+        setenv("SANDBOX_LD_LIBRARY_PATH", ld_library_path, 1 /* overwrite */);
     } else {
       LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
                     "configured correctly. Rather than run without sandboxing "