author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-26 05:38:28 +0000 |
---|---|---|
committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-26 05:38:28 +0000 |
commit | 2fa4a095a605d7f9ca1dd6d9ef637456397c128f (patch) | |
tree | bae5557635ce2c72ec5407a9f2a7eea475a48bd1 /content | |
parent | e09220af6b6acfad612e5cc90009113bf37fee0e (diff) | |
Zygote: warn if setuid sandbox is acting as init
On Linux, when the setuid sandbox is used, Zygote now acts as the init
process for the new PID namespace.
Log an error if, for some reason, the Zygote did not become init. One possible
cause is an older version of the setuid sandbox binary that acted as init itself.
BUG=
TEST="Run Chrome with a deprecated setuid sandbox binary"
Review URL: https://chromiumcodereview.appspot.com/10452025
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139191 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/zygote/zygote_main_linux.cc | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
index 2cb2af1..37b3d25 100644
--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -517,8 +517,9 @@ static bool CreateInitProcessReaper() {
 // This will set the *using_suid_sandbox variable to true if the SUID sandbox
 // is enabled. This does not necessarily exclude other types of sandboxing.
-static bool EnterSandbox(bool* using_suid_sandbox) {
+static bool EnterSandbox(bool* using_suid_sandbox, bool* has_started_new_init) {
 *using_suid_sandbox = false;
+ *has_started_new_init = false;
 PreSandboxInit();
 SkiaFontConfigSetImplementation(
@@ -565,6 +566,7 @@ static bool EnterSandbox(bool* using_suid_sandbox) {
 LOG(ERROR) << "Error creating an init process to reap zombies";
 return false;
 }
+ *has_started_new_init = true;
 }
 #if !defined(OS_OPENBSD)
@@ -600,8 +602,9 @@ static bool EnterSandbox(bool* using_suid_sandbox) {
 }
 #else // CHROMIUM_SELINUX
-static bool EnterSandbox(bool* using_suid_sandbox) {
+static bool EnterSandbox(bool* using_suid_sandbox, bool* has_started_new_init) {
 *using_suid_sandbox = false;
+ *has_started_new_init = false;
 PreSandboxInit();
 SkiaFontConfigSetImplementation(
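Review bot: The header comment above EnterSandbox still documents only `*using_suid_sandbox`, while the new signature adds a second out-parameter, `has_started_new_init`, whose meaning a caller has to reconstruct from the body. Judging by the error string in the next hunk ("Error creating an init process to reap zombies") and the point where the flag is set to true, the comment should say something like `// *has_started_new_init is set to true only when this call spawned an init process to reap zombies in the new PID namespace; it stays false otherwise.` The condition that decides whether that reaper is attempted lies outside this hunk, so the wording should be checked against it. EnterSandbox's body continues past the end of the hunk.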
@@ -642,19 +645,27 @@ bool ZygoteMain(const MainFunctionParams& params,
 // Turn on the SELinux or SUID sandbox.
 bool using_suid_sandbox = false;
- if (!EnterSandbox(&using_suid_sandbox)) {
+ bool has_started_new_init = false;
+ if (!EnterSandbox(&using_suid_sandbox, &has_started_new_init)) {
 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " << errno << ")";
 return false;
 }
 int sandbox_flags = 0;
- if (using_suid_sandbox)
+ if (using_suid_sandbox) {
 sandbox_flags |= kSandboxLinuxSUID;
- if (getenv("SBX_PID_NS"))
- sandbox_flags |= kSandboxLinuxPIDNS;
- if (getenv("SBX_NET_NS"))
- sandbox_flags |= kSandboxLinuxNetNS;
+ if (getenv("SBX_PID_NS"))
+ sandbox_flags |= kSandboxLinuxPIDNS;
+ if (getenv("SBX_NET_NS"))
+ sandbox_flags |= kSandboxLinuxNetNS;
+ }
+
+ if ((sandbox_flags & kSandboxLinuxPIDNS) && !has_started_new_init) {
+ LOG(ERROR) << "The SUID sandbox created a new PID namespace but Zygote "
+ "is not the init process. Please, make sure the SUID "
+ "binary is up to date.";
+ }
 #if defined(SECCOMP_SANDBOX)
 // The seccomp sandbox will be turned on when the renderers start. But we can |
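Review bot: The new warning can only fire when the init reaper was never attempted, not when it failed: in the earlier hunk a failed CreateInitProcessReaper() makes EnterSandbox return false, which ZygoteMain turns into LOG(FATAL) before this check is reached. A reader is likely to assume the opposite, so say so at the check, e.g. `// A failed reaper start already aborted via LOG(FATAL) above; this only` / `// catches a PID namespace in which no reaper was attempted (e.g. an older` / `// setuid helper that acted as init itself).` The condition that decides whether the reaper is attempted is outside both hunks, so the example in that comment should be confirmed against it. Separately, the log text reads better without the comma: `"is not the init process. Please make sure the SUID "`. ZygoteMain's body continues past the end of the hunk.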