Diffstat (limited to 'chrome/browser/zygote_host_linux.cc')
-rw-r--r--chrome/browser/zygote_host_linux.cc45
1 files changed, 2 insertions, 43 deletions
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index 3b6a160..aa5d8ca 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -24,29 +24,6 @@
#include "chrome/common/chrome_switches.h"
#include "chrome/common/process_watcher.h"
-#include "sandbox/linux/suid/suid_unsafe_environment_variables.h"
-
-static void SaveSUIDUnsafeEnvironmentVariables() {
- // The ELF loader will clear many environment variables so we save them to
- // different names here so that the SUID sandbox can resolve them for the
- // renderer.
-
- for (unsigned i = 0; kSUIDUnsafeEnvironmentVariables[i]; ++i) {
- const char* const envvar = kSUIDUnsafeEnvironmentVariables[i];
- char* const saved_envvar = SandboxSavedEnvironmentVariable(envvar);
- if (!saved_envvar)
- continue;
-
- const char* const value = getenv(envvar);
- if (value)
- setenv(saved_envvar, value, 1 /* overwrite */);
- else
- unsetenv(saved_envvar);
-
- free(saved_envvar);
- }
-}
-
ZygoteHost::ZygoteHost()
: pid_(-1),
init_(false),
@@ -97,29 +74,11 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) {
browser_command_line.GetSwitchValueASCII(
switches::kEnableLogging));
}
- if (browser_command_line.HasSwitch(switches::kEnableSeccompSandbox)) {
- cmd_line.AppendSwitch(switches::kEnableSeccompSandbox);
+ if (browser_command_line.HasSwitch(switches::kDisableSeccompSandbox)) {
+ cmd_line.AppendSwitch(switches::kDisableSeccompSandbox);
}
sandbox_binary_ = sandbox_cmd.c_str();
- struct stat st;
-
- if (!sandbox_cmd.empty() && stat(sandbox_binary_.c_str(), &st) == 0) {
- if (access(sandbox_binary_.c_str(), X_OK) == 0 &&
- (st.st_uid == 0) &&
- (st.st_mode & S_ISUID) &&
- (st.st_mode & S_IXOTH)) {
- using_suid_sandbox_ = true;
- cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary_.c_str()));
-
- SaveSUIDUnsafeEnvironmentVariables();
- } else {
- LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
- "configured correctly. Rather than run without sandboxing "
- "I'm aborting now. You need to make sure that "
- << sandbox_binary_ << " is mode 4755 and owned by root.";
- }
- }
// Start up the sandbox host process and get the file descriptor for the
// renderers to talk to it.
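Review bot: With the `stat`/`access` block removed after `sandbox_binary_ = sandbox_cmd.c_str();`, nothing left in this hunk prepends the helper to `cmd_line`, sets `using_suid_sandbox_`, or aborts when the helper is not root-owned and setuid, so a configured sandbox path appears to be stored but not enforced, and the zygote may start without the SUID sandbox and without any log line. If that is intended, say so at the assignment, e.g. `// NOTE: helper path is recorded only; it is not validated or used as a wrapper here`, and consider keeping a visible signal such as `if (!sandbox_cmd.empty()) LOG(WARNING) << "SUID sandbox helper " << sandbox_binary_ << " is not being used";` rather than dropping the fail-closed `LOG(FATAL)` silently. The switch forwarded at the top of the hunk also changes from `kEnableSeccompSandbox` to `kDisableSeccompSandbox`, which suggests seccomp is now on unless the browser command line turns it off; a one-line comment stating that default and that the flag weakens the zygote would help. `ZygoteHost::Init` starts before and continues after this hunk, so the wrapper may be handled in lines not shown here.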