diff options
| author | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-06 11:48:05 +0000 |
|---|---|---|
| committer | wez@chromium.org <wez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-06 11:48:05 +0000 |
| commit | b773963cde9a134fa712c63cced13fb7d1e81f13 (patch) | |
| tree | f055fc8881dcf34b48aaa2d83ff3a47f1804627e /ipc/ipc_channel.h | |
| parent | 6383460160eb17dcb87c3cd74b0924f83471c192 (diff) | |
| download | chromium_src-b773963cde9a134fa712c63cced13fb7d1e81f13.zip chromium_src-b773963cde9a134fa712c63cced13fb7d1e81f13.tar.gz chromium_src-b773963cde9a134fa712c63cced13fb7d1e81f13.tar.bz2 | |
Revert 80602 - Limit access to named IPC channels with SO_PEERCRED, not file permissions.BUG=TEST=Run Chrome & configure a service, to get the service process to start. Close Chrome and run a copy as a different user, but from the same user-data-dir. New Chrome should not be able to communicate with the service process.Review URL: http://codereview.chromium.org/6631002
TBR=wez@chromium.org
Review URL: http://codereview.chromium.org/6806006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80604 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'ipc/ipc_channel.h')
| -rw-r--r-- | ipc/ipc_channel.h | 20 |
1 files changed, 3 insertions, 17 deletions
diff --git a/ipc/ipc_channel.h b/ipc/ipc_channel.h index 1550d49..91d9f2b 100644 --- a/ipc/ipc_channel.h +++ b/ipc/ipc_channel.h @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2010 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -67,10 +67,7 @@ class Channel : public Message::Sender { MODE_NO_FLAG = 0x0, MODE_SERVER_FLAG = 0x1, MODE_CLIENT_FLAG = 0x2, - MODE_NAMED_FLAG = 0x4, -#if defined(OS_POSIX) - MODE_OPEN_ACCESS_FLAG = 0x8, // Don't restrict access based on client UID. -#endif + MODE_NAMED_FLAG = 0x4 }; // Some Standard Modes @@ -85,13 +82,6 @@ class Channel : public Message::Sender { // MODE_NAMED_CLIENT is equivalent to MODE_CLIENT. MODE_NAMED_SERVER = MODE_SERVER_FLAG | MODE_NAMED_FLAG, MODE_NAMED_CLIENT = MODE_CLIENT_FLAG | MODE_NAMED_FLAG, -#if defined(OS_POSIX) - // An "open" named server accepts connections from ANY client. - // The caller must then implement their own access-control based on the - // client process' user Id. - MODE_OPEN_NAMED_SERVER = MODE_OPEN_ACCESS_FLAG | MODE_SERVER_FLAG | - MODE_NAMED_FLAG -#endif }; enum { @@ -162,14 +152,10 @@ class Channel : public Message::Sender { // currently connected. bool HasAcceptedConnection() const; - // Returns true if the peer process' effective user id can be determined, in - // which case the supplied client_euid is updated with it. - bool GetClientEuid(uid_t* client_euid) const; - // Closes any currently connected socket, and returns to a listening state // for more connections. void ResetToAcceptingConnectionState(); -#endif // defined(OS_POSIX) && !defined(OS_NACL) +#endif // defined(OS_POSIX) protected: // Used in Chrome by the TestSink to provide a dummy channel implementation |