-rw-r--r-- | chrome/browser/renderer_host/browser_render_process_host.cc | 2 | ||||
-rw-r--r-- | chrome/browser/zygote_host_linux.cc | 45 | ||||
-rw-r--r-- | chrome/browser/zygote_main_linux.cc | 14 | ||||
-rw-r--r-- | chrome/common/chrome_switches.cc | 4 | ||||
-rw-r--r-- | chrome/common/chrome_switches.h | 2 | ||||
-rw-r--r-- | chrome/renderer/renderer_main_platform_delegate_linux.cc | 5 |
6 files changed, 15 insertions, 57 deletions
diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc index 6e18eee..47d8f0d 100644 --- a/chrome/browser/renderer_host/browser_render_process_host.cc +++ b/chrome/browser/renderer_host/browser_render_process_host.cc @@ -493,7 +493,7 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer( switches::kRendererStartupDialog, switches::kNoSandbox, switches::kTestSandbox, - switches::kEnableSeccompSandbox, + switches::kDisableSeccompSandbox, #if !defined (GOOGLE_CHROME_BUILD) // These are unsupported and not fully tested modes, so don't enable them // for official Google Chrome builds. diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc index 3b6a160..aa5d8ca 100644 --- a/chrome/browser/zygote_host_linux.cc +++ b/chrome/browser/zygote_host_linux.cc @@ -24,29 +24,6 @@ #include "chrome/common/chrome_switches.h" #include "chrome/common/process_watcher.h" -#include "sandbox/linux/suid/suid_unsafe_environment_variables.h" - -static void SaveSUIDUnsafeEnvironmentVariables() { - // The ELF loader will clear many environment variables so we save them to - // different names here so that the SUID sandbox can resolve them for the - // renderer. - - for (unsigned i = 0; kSUIDUnsafeEnvironmentVariables[i]; ++i) { - const char* const envvar = kSUIDUnsafeEnvironmentVariables[i]; - char* const saved_envvar = SandboxSavedEnvironmentVariable(envvar); - if (!saved_envvar) - continue; - - const char* const value = getenv(envvar); - if (value) - setenv(saved_envvar, value, 1 /* overwrite */); - else - unsetenv(saved_envvar); - - free(saved_envvar); - } -} - ZygoteHost::ZygoteHost() : pid_(-1), init_(false), 
@@ -97,29 +74,11 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) { browser_command_line.GetSwitchValueASCII( switches::kEnableLogging)); } - if (browser_command_line.HasSwitch(switches::kEnableSeccompSandbox)) { - cmd_line.AppendSwitch(switches::kEnableSeccompSandbox); + if (browser_command_line.HasSwitch(switches::kDisableSeccompSandbox)) { + cmd_line.AppendSwitch(switches::kDisableSeccompSandbox); } sandbox_binary_ = sandbox_cmd.c_str(); - struct stat st; - - if (!sandbox_cmd.empty() && stat(sandbox_binary_.c_str(), &st) == 0) { - if (access(sandbox_binary_.c_str(), X_OK) == 0 && - (st.st_uid == 0) && - (st.st_mode & S_ISUID) && - (st.st_mode & S_IXOTH)) { - using_suid_sandbox_ = true; - cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary_.c_str())); - - SaveSUIDUnsafeEnvironmentVariables(); - } else { - LOG(FATAL) << "The SUID sandbox helper binary was found, but is not " - "configured correctly. Rather than run without sandboxing " - "I'm aborting now. You need to make sure that " - << sandbox_binary_ << " is mode 4755 and owned by root."; - } - } // Start up the sandbox host process and get the file descriptor for the // renderers to talk to it. diff --git a/chrome/browser/zygote_main_linux.cc b/chrome/browser/zygote_main_linux.cc index 009ba00d..a526d97 100644 --- a/chrome/browser/zygote_main_linux.cc +++ b/chrome/browser/zygote_main_linux.cc @@ -607,8 +607,8 @@ bool ZygoteMain(const MainFunctionParams& params) { // The seccomp sandbox needs access to files in /proc, which might be denied // after one of the other sandboxes have been started. So, obtain a suitable // file handle in advance. - if (CommandLine::ForCurrentProcess()->HasSwitch( - switches::kEnableSeccompSandbox)) { + if (!CommandLine::ForCurrentProcess()->HasSwitch( + switches::kDisableSeccompSandbox)) { g_proc_fd = open("/proc", O_DIRECTORY | O_RDONLY); if (g_proc_fd < 0) { LOG(ERROR) << "WARNING! Cannot access \"/proc\". Disabling seccomp " 
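Review bot: The SUID sandbox set-up is removed from ZygoteHost::Init (hunk -97,29) with nothing visible replacing it. After `sandbox_binary_ = sandbox_cmd.c_str();` the new side no longer checks that the helper is root-owned, setuid and executable, no longer sets `using_suid_sandbox_ = true` or calls `cmd_line.PrependWrapper(...)`, and loses the LOG(FATAL) that refused to run with a misconfigured helper. The earlier hunk in this file (-24,29) deletes SaveSUIDUnsafeEnvironmentVariables() along with it. As far as this diff shows, the zygote is no longer launched through the SUID helper, which is a much larger change than renaming the seccomp switch. If that is unintended, keep the removed block; if it is intended, add a comment at the assignment such as `// SUID sandbox wrapper intentionally not applied here; see <reason>`, and say so in the commit message. The rest of Init lies outside the hunk.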
@@ -629,16 +629,16 @@ bool ZygoteMain(const MainFunctionParams& params) { // already check if sufficient support is available so that we only need to // print one error message for the entire browser session. if (g_proc_fd >= 0 && - CommandLine::ForCurrentProcess()->HasSwitch( - switches::kEnableSeccompSandbox)) { + !CommandLine::ForCurrentProcess()->HasSwitch( + switches::kDisableSeccompSandbox)) { if (!SupportsSeccompSandbox(g_proc_fd)) { // There are a good number of users who cannot use the seccomp sandbox // (e.g. because their distribution does not enable seccomp mode by // default). While we would prefer to deny execution in this case, it // seems more realistic to continue in degraded mode. - LOG(ERROR) << "WARNING! This machine lacks support needed for the " - "Seccomp sandbox. Running renderers with Seccomp " - "sandboxing disabled."; + LOG(FATAL) << "WARNING! This machine lacks support needed for the " + "Seccomp sandbox. Please report your system specs on " + "http://code.google.com/p/chromium/issues/detail?id=36133"; } else { LOG(INFO) << "Enabling experimental Seccomp sandbox."; } diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index 0f41903..76ea9e6 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -266,8 +266,8 @@ const char kEnablePrivacyBlacklists[] = "enable-privacy-blacklists"; // http://b/issue?id=1432077 is fixed. const char kEnableRendererAccessibility[] = "enable-renderer-accessibility"; -// Enable the seccomp sandbox (Linux only) -const char kEnableSeccompSandbox[] = "enable-seccomp-sandbox"; +// Disable the seccomp sandbox (Linux only) +const char kDisableSeccompSandbox[] = "disable-seccomp-sandbox"; // Enable session storage. Still buggy. const char kEnableSessionStorage[] = "enable-session-storage"; diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index e311e1a..7829834 100644 --- a/chrome/common/chrome_switches.h 
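Review bot: In hunk -629,16 the `!SupportsSeccompSandbox(g_proc_fd)` branch now uses LOG(FATAL), but the comment kept directly above it still says it "seems more realistic to continue in degraded mode", and the message still opens with "WARNING!". Replace the stale comment with one that states the new policy, e.g. `// Seccomp is on by default: abort rather than run renderers without it, unless --disable-seccomp-sandbox is passed.`, and have the message say that startup is being aborted. The hunk at -607,8 stays fail-open: if open("/proc") fails it only logs an error, and `g_proc_fd >= 0` then skips this check, so the two failure paths disagree on whether missing seccomp support is fatal. ZygoteMain continues outside both hunks.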
+++ b/chrome/common/chrome_switches.h @@ -93,7 +93,7 @@ extern const char kEnableNaClOnMac[]; extern const char kEnableNewAutoFill[]; extern const char kEnablePrivacyBlacklists[]; extern const char kEnableRendererAccessibility[]; -extern const char kEnableSeccompSandbox[]; +extern const char kDisableSeccompSandbox[]; extern const char kEnableSessionStorage[]; extern const char kEnableStatsTable[]; extern const char kEnableSync[]; diff --git a/chrome/renderer/renderer_main_platform_delegate_linux.cc b/chrome/renderer/renderer_main_platform_delegate_linux.cc index bce15dd..2ab392a 100644 --- a/chrome/renderer/renderer_main_platform_delegate_linux.cc +++ b/chrome/renderer/renderer_main_platform_delegate_linux.cc @@ -40,9 +40,8 @@ bool RendererMainPlatformDelegate::EnableSandbox() { // N.b. SupportsSeccompSandbox() returns a cached result, as we already // called it earlier in the zygote. Thus, it is OK for us to not pass in // a file descriptor for "/proc". - if (CommandLine::ForCurrentProcess()->HasSwitch( - switches::kEnableSeccompSandbox) && - SupportsSeccompSandbox(-1)) { + if (!CommandLine::ForCurrentProcess()->HasSwitch( + switches::kDisableSeccompSandbox)) { StartSeccompSandbox(); } #endif |
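Review bot: Dropping `SupportsSeccompSandbox(-1)` from the condition in RendererMainPlatformDelegate::EnableSandbox means StartSeccompSandbox() now runs whenever `--disable-seccomp-sandbox` is absent. That includes the case where the zygote could not open "/proc" and logged that it was disabling seccomp. What StartSeccompSandbox() does without that support is not visible here, so either keep the guard, `switches::kDisableSeccompSandbox) && SupportsSeccompSandbox(-1)) {`, or confirm that it fails safely. The "N.b. SupportsSeccompSandbox() returns a cached result" comment above the `if` now describes a call that no longer exists and should be removed or reworded. EnableSandbox starts and ends outside the hunk.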