diff options
author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-14 18:22:46 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-14 18:22:46 +0000 |
commit | 4a10099e4a397b7149315e03e5433e6a25259b2c (patch) | |
tree | c5c02c086dea6f018fa25d4d061522d3d9767d15 /chrome/common/logging_chrome.cc | |
parent | ba64e2bae9b1d00777a81231148e0f69909a840c (diff) | |
download | chromium_src-4a10099e4a397b7149315e03e5433e6a25259b2c.zip chromium_src-4a10099e4a397b7149315e03e5433e6a25259b2c.tar.gz chromium_src-4a10099e4a397b7149315e03e5433e6a25259b2c.tar.bz2 |
Do not call GetLogFileName() unless we know we're logging to a file
Calling GetLogFileName() triggers profile resolution on Windows. This leaves and open ALPC interface after sandbox lockdown, whicb exposes attack surface to a compromised renderrer. My solution is to just not resolve the log path except for the rare case where we need it.
TEST=None.
BUG=86002
Review URL: http://codereview.chromium.org/7145015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89029 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/logging_chrome.cc')
-rw-r--r-- | chrome/common/logging_chrome.cc | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/chrome/common/logging_chrome.cc b/chrome/common/logging_chrome.cc index 2c27809..a5f168a 100644 --- a/chrome/common/logging_chrome.cc +++ b/chrome/common/logging_chrome.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -271,27 +271,37 @@ void InitChromeLogging(const CommandLine& command_line, #if defined(OS_POSIX) && defined(IPC_MESSAGE_LOG_ENABLED) IPC::Logging::set_log_function_map(&g_log_function_mapping); #endif + LoggingDestination logging_dest = DetermineLogMode(command_line); + FilePath log_path; +#if defined(OS_CHROMEOS) + FilePath target_path; +#endif - FilePath log_path = GetLogFileName(); + // Don't resolve the log path unless we need to. Otherwise we leave an open + // ALPC handle after sandbox lockdown on Windows. + if (logging_dest == LOG_ONLY_TO_FILE || + logging_dest == LOG_TO_BOTH_FILE_AND_SYSTEM_DEBUG_LOG) { + log_path = GetLogFileName(); #if defined(OS_CHROMEOS) - // For BWSI (Incognito) logins, we want to put the logs in the user - // profile directory that is created for the temporary session instead - // of in the system log directory, for privacy reasons. - if (command_line.HasSwitch(switches::kGuestSession)) - log_path = GetSessionLogFile(command_line); - - // On ChromeOS we log to the symlink. We force creation of a new - // symlink if we've been asked to delete the old log, since that - // indicates the start of a new session. - FilePath target_path = SetUpSymlinkIfNeeded( - log_path, delete_old_log_file == logging::DELETE_OLD_LOG_FILE); - - // Because ChromeOS manages the move to a new session by redirecting - // the link, it shouldn't remove the old file in the logging code, - // since that will remove the newly created link instead. - delete_old_log_file = logging::APPEND_TO_OLD_LOG_FILE; + // For BWSI (Incognito) logins, we want to put the logs in the user + // profile directory that is created for the temporary session instead + // of in the system log directory, for privacy reasons. + if (command_line.HasSwitch(switches::kGuestSession)) + log_path = GetSessionLogFile(command_line); + + // On ChromeOS we log to the symlink. We force creation of a new + // symlink if we've been asked to delete the old log, since that + // indicates the start of a new session. + target_path = SetUpSymlinkIfNeeded( + log_path, delete_old_log_file == logging::DELETE_OLD_LOG_FILE); + + // Because ChromeOS manages the move to a new session by redirecting + // the link, it shouldn't remove the old file in the logging code, + // since that will remove the newly created link instead. + delete_old_log_file = logging::APPEND_TO_OLD_LOG_FILE; #endif + } logging::DcheckState dcheck_state = command_line.HasSwitch(switches::kEnableDCHECK) ? @@ -299,7 +309,7 @@ void InitChromeLogging(const CommandLine& command_line, logging::DISABLE_DCHECK_FOR_NON_OFFICIAL_RELEASE_BUILDS; bool success = InitLogging(log_path.value().c_str(), - DetermineLogMode(command_line), + logging_dest, logging::LOCK_LOG_FILE, delete_old_log_file, dcheck_state); |