-rw-r--r--chrome/browser/zygote_host_linux.cc7
-rw-r--r--sandbox/linux/suid/sandbox.cc15
2 files changed, 22 insertions, 0 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index 108348f..fc8b981 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -64,6 +64,13 @@ ZygoteHost::ZygoteHost() {
(st.st_mode & S_ISUID) &&
(st.st_mode & S_IXOTH)) {
cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary));
+
+ // SUID binaries clear LD_LIBRARY_PATH. However, the sandbox binary needs
+ // to run its child processes with the correct LD_LIBRARY_PATH so we save
+ // a copy here:
+ const char* ld_library_path = getenv("LD_LIBRARY_PATH");
+ if (ld_library_path)
+ setenv("SANDBOX_LD_LIBRARY_PATH", ld_library_path, 1 /* overwrite */);
} else {
LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
"configured correctly. Rather than run without sandboxing "
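Review bot: When LD_LIBRARY_PATH is unset, the added block leaves in place any SANDBOX_LD_LIBRARY_PATH the browser inherited from its own parent, so the setuid helper would later install a value the browser never chose as the child's library search path. Adding `else unsetenv("SANDBOX_LD_LIBRARY_PATH");` after the `if` closes that gap. The setenv() result is also unchecked, so a failure would silently launch the zygote without its library path. Because setenv() changes the browser's own environment, presumably every child started afterwards inherits the variable, not only the sandbox helper; a short comment saying so would help. The ZygoteHost constructor starts and ends outside this hunk.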
diff --git a/sandbox/linux/suid/sandbox.cc b/sandbox/linux/suid/sandbox.cc
index b594d21..30b8426 100644
--- a/sandbox/linux/suid/sandbox.cc
+++ b/sandbox/linux/suid/sandbox.cc
@@ -218,6 +218,19 @@ static bool DropRoot() {
return true;
}
+static bool SetupChildEnvironment() {
+ // ld.so will have cleared LD_LIBRARY_PATH because we are SUID. However, the
+ // child process might need this so zygote_host_linux.cc saved a copy in
+ // SANDBOX_LD_LIBRARY_PATH.
+ const char* sandbox_ld_library_path = getenv("SANDBOX_LD_LIBRARY_PATH");
+ if (sandbox_ld_library_path) {
+ setenv("LD_LIBRARY_PATH", sandbox_ld_library_path, 1 /* overwrite */);
+ unsetenv("SANDBOX_LD_LIBRARY_PATH");
+ }
+
+ return true;
+}
+
int main(int argc, char **argv) {
if (argc == 1) {
fprintf(stderr, "Usage: %s <renderer process> <args...>\n", argv[0]);
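Review bot: SetupChildEnvironment() ignores the results of setenv() and unsetenv() and always returns true, so the `if (!SetupChildEnvironment()) return 1;` check added to main() in the next hunk can never fire. A failed setenv() would then exec the child without its library path and with no diagnostic; `if (setenv("LD_LIBRARY_PATH", sandbox_ld_library_path, 1) != 0 || unsetenv("SANDBOX_LD_LIBRARY_PATH") != 0) return false;` makes the check meaningful. SANDBOX_LD_LIBRARY_PATH is supplied by whoever invokes the setuid helper, so restoring it is acceptable only because the call sits after DropRoot() and immediately before execv(). The function comment should pin that ordering, e.g. `// Must only be called after DropRoot(): the value is caller-controlled and must never reach a privileged exec.` It is also worth stating whether an empty or relative value is expected here. main()'s body continues outside the hunk.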
@@ -281,6 +294,8 @@ int main(int argc, char **argv) {
return 1;
if (!DropRoot())
return 1;
+ if (!SetupChildEnvironment())
+ return 1;
execv(argv[1], &argv[1]);
FatalError("execv failed");