author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-08 01:15:14 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-07-08 01:15:14 +0000 |
commit | 4378a822c0f819edb40d6903a9fa363d7c72c84d (patch) | |
tree | a67ad84d03f67605dd636d1ad913d487db0e348f /chrome/browser/zygote_main_linux.cc | |
parent | 0e0b9771cc4fe496403a49126ec7cfa6c422a6d0 (diff) | |
Linux: SUID sandbox support
* Make processes dumpable when they crash.
* Find crashing processes by searching for a socket inode, rather
than relying on SCM_CREDENTIALS. The kernel doesn't translate PIDs
between PID namespaces with SCM_CREDENTIALS, so we can't use the
PID there.
* Use a command line flag to the renderer to enable crash dumping.
Previously it tried to access the user's home directory for this
information.
* Search for a sandbox helper binary and, if found, use it.
* Include the source for a sandbox helper binary. It's currently not
built by default.
http://codereview.chromium.org/149230
R=evan,markus
BUG=8081
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20110 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/zygote_main_linux.cc')
-rw-r--r-- | chrome/browser/zygote_main_linux.cc | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc
index 3f9b570..8e4fb55 100644
--- a/chrome/browser/zygote_main_linux.cc
+++ b/chrome/browser/zygote_main_linux.cc
@@ -13,6 +13,7 @@
 #include "base/eintr_wrapper.h"
 #include "base/global_descriptors_posix.h"
 #include "base/pickle.h"
+#include "base/rand_util.h"
 #include "base/unix_domain_socket_posix.h"
 #include "chrome/browser/zygote_host_linux.h"
@@ -207,6 +208,10 @@ static bool MaybeEnterChroot() {
     return false;
   const int fd = fd_long;
+  // Before entering the sandbox, "prime" any systems that need to open
+  // files and cache the results or the descriptors.
+  base::RandUint64();
+
   static const char kChrootMe = 'C';
   static const char kChrootMeSuccess = 'O';
@@ -221,9 +226,18 @@ static bool MaybeEnterChroot() {
   if (chdir("/") == -1)
     return false;
-  static const int kMagicSandboxIPCDescriptor = 4;
+  static const int kMagicSandboxIPCDescriptor = 5;
   SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor);
+  if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) {
+    LOG(ERROR) << "CRITICAL: The SUID sandbox is being used, but the chrome " "binary is also marked as readable. This means that the " "process starts up dumpable. That means that there's a " "window where another renderer process can ptrace this " "process and sequestrate it. This is a packaging error. " "Please report it as such.";
+  }
+
   prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
   if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0))
     return false;
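Review bot: The comment above the priming call `base::RandUint64();` says only that "any systems" are primed, so a reader who later reworks rand_util cannot tell from this site that the chroot further down depends on it; name the thing being cached. Presumably it is the descriptor of the entropy source, whose device path is unreachable once the process is chrooted — confirm against base/rand_util and state it, e.g. `// base::RandUint64() caches its entropy-source descriptor on first use; call it now, before the chroot below hides the path it opens.` The return value is discarded and nothing here checks that the priming succeeded, so if the first open fails every later random value inside the sandbox would fail as well; whether rand_util itself reports that case is worth verifying. MaybeEnterChroot starts and ends outside this hunk.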
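Review bot: The dumpable window that the new LOG(ERROR) describes is only closed by the `prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);` line at the end of the hunk, so everything MaybeEnterChroot does before it — the chroot request, the chdir in this hunk, the RandUint64 priming earlier in the function — still runs while the process is ptrace-able by a peer; moving the PR_SET_DUMPABLE call to the top of the function would narrow that window, unless some earlier step needs a dumpable process, which is not visible here. The check itself only reports: execution continues and it is the re-check after PR_SET_DUMPABLE that returns false, which is acceptable as long as LOG(ERROR) is the intended severity for a packaging error rather than a hard failure. The bump `static const int kMagicSandboxIPCDescriptor = 5;` deserves a comment saying which descriptor layout it mirrors, since nothing here explains why the number moved — presumably the helper now occupies one more descriptor, e.g. `// Must agree with the descriptor number the sandbox host leaves open for font-config IPC.` The enclosing function starts and ends outside the hunk.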