-rw-r--r--chrome/browser/zygote_host_linux.cc13
-rw-r--r--sandbox/linux/suid/sandbox.cc6
2 files changed, 16 insertions, 3 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index d48f9da..108348f 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -25,7 +25,9 @@
// Previously we just looked for the binary next to the Chromium binary. But
// this breaks people who do a build-all.
// NOTE packagers: change this.
-static const char kSandboxBinary[] = "/opt/google/chrome/chrome-sandbox";
+
+// static const char kSandboxBinary[] = "/opt/google/chrome/chrome-sandbox";
+static const char kSandboxBinary[] = "/false";
ZygoteHost::ZygoteHost() {
std::wstring chrome_path;
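Review bot: The new default `"/false"` is a sentinel path with no stated meaning, and the previous value is left behind as commented-out code directly under a "NOTE packagers: change this" comment that no longer says what to change it to. Replace the dead line with a comment on the constant, for example `// Deliberately nonexistent: the SUID sandbox helper is only used when CHROME_DEVEL_SANDBOX names one. Packagers: set the installed helper path here.` If the later `stat(kSandboxBinary)` fails, the browser presumably starts without the SUID sandbox; that path is outside this hunk. If so, the fallback deserves a log line so a misconfigured install is visible.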
@@ -47,11 +49,16 @@ ZygoteHost::ZygoteHost() {
cmd_line.PrependWrapper(prefix);
}
- const char* sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
+ const char* sandbox_binary = NULL;
+ struct stat st;
+ if (stat("/proc/self/exe", &st) == 0 &&
+ st.st_uid == getuid()) {
+ sandbox_binary = getenv("CHROME_DEVEL_SANDBOX");
+ }
+
if (!sandbox_binary)
sandbox_binary = kSandboxBinary;
- struct stat st;
if (stat(sandbox_binary, &st) == 0) {
if (access(sandbox_binary, X_OK) == 0 &&
(st.st_mode & S_ISUID) &&
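Review bot: The ownership test on `/proc/self/exe` that gates `CHROME_DEVEL_SANDBOX` has no comment explaining it, and when the test or the `stat` call fails the variable is dropped silently. The apparent intent is that only a build owned by the current user may take its helper path from the environment, so a comment such as `// Honor CHROME_DEVEL_SANDBOX only when the running binary belongs to this user (developer build); installed builds always use kSandboxBinary.` would record it. A warning when the variable is set but ignored would save debugging time. `st` now holds the result for two different files in turn; a separate `struct stat exe_st;` for the first call would make the later `st.st_mode` checks unambiguous. The condition on the helper continues past the end of this hunk, so whether its owner is verified as well as `X_OK` and `S_ISUID` cannot be confirmed from here. The constructor body also starts and ends outside the hunk.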
diff --git a/sandbox/linux/suid/sandbox.cc b/sandbox/linux/suid/sandbox.cc
index 2c4a2fa..e784d87 100644
--- a/sandbox/linux/suid/sandbox.cc
+++ b/sandbox/linux/suid/sandbox.cc
@@ -256,6 +256,12 @@ int main(int argc, char **argv) {
return 1;
}
+ if ((S_ISUID | S_ISGID) & st.st_mode) {
+ fprintf(stderr, "The development sandbox is refusing to run %s because it "
+ "is SUID or SGID\n", argv[1]);
+ return 1;
+ }
+
char proc_fd_buffer[128];
snprintf(proc_fd_buffer, sizeof(proc_fd_buffer), "/proc/self/fd/%d", binary_fd);
argv[1] = proc_fd_buffer;
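Review bot: The new SUID/SGID refusal reads `st.st_mode`, but the call that fills `st` is outside this hunk, so it is not visible whether the mode belongs to the same object that is later executed through `/proc/self/fd/%d`. If `st` comes from a path-based `stat(argv[1])` rather than `fstat(binary_fd, &st)`, the file could be swapped between the check and the exec; it is worth confirming that the fd-based call is used and saying so in a comment above the check, e.g. `// st was obtained with fstat(binary_fd), so this is the inode we exec below.` The mode bits also do not cover privilege granted by file capabilities, which the comment could note as a known limit. `main` begins and ends outside the hunk.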