Linux: SUID sandbox support

chrome/app/breakpad_linux.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
 #include <unistd.h>
 
 #include <string>
@@ skipping 461 matching lines @@
 // report.
 namespace renderer_logging {
 extern std::string active_url;
 }
 
 static bool
 RendererCrashHandler(const void* crash_context, size_t crash_context_size,
              void* context) {
   const int fd = (int) context;
   int fds[2];
-  pipe(fds);
+  socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
 
   // The length of the control message:
-  static const unsigned kControlMsgSize =
-      CMSG_SPACE(sizeof(int)) + CMSG_SPACE(sizeof(struct ucred));
+  static const unsigned kControlMsgSize = CMSG_SPACE(sizeof(int));
 
-  union {
-    struct kernel_msghdr msg;
-    struct msghdr sys_msg;
-  };
+  struct kernel_msghdr msg;
   my_memset(&msg, 0, sizeof(struct kernel_msghdr));
   struct kernel_iovec iov[3];
   iov[0].iov_base = const_cast<void*>(crash_context);
   iov[0].iov_len = crash_context_size;
   iov[1].iov_base = const_cast<char*>(google_update::linux_guid.data());
   iov[1].iov_len = google_update::linux_guid.size();
   iov[2].iov_base = const_cast<char*>(renderer_logging::active_url.data());
   iov[2].iov_len = renderer_logging::active_url.size();
 
   msg.msg_iov = iov;
   msg.msg_iovlen = 3;
   char cmsg[kControlMsgSize];
   memset(cmsg, 0, kControlMsgSize);
   msg.msg_control = cmsg;
   msg.msg_controllen = sizeof(cmsg);
 
   struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
   hdr->cmsg_level = SOL_SOCKET;
   hdr->cmsg_type = SCM_RIGHTS;
   hdr->cmsg_len = CMSG_LEN(sizeof(int));
   *((int*) CMSG_DATA(hdr)) = fds[1];
-  hdr = CMSG_NXTHDR(&sys_msg, hdr);
-  hdr->cmsg_level = SOL_SOCKET;
-  hdr->cmsg_type = SCM_CREDENTIALS;
-  hdr->cmsg_len = CMSG_LEN(sizeof(struct ucred));
-  struct ucred *cred = reinterpret_cast<struct ucred*>(CMSG_DATA(hdr));
-  cred->uid = getuid();
-  cred->gid = getgid();
-  cred->pid = getpid();
 
   HANDLE_EINTR(sys_sendmsg(fd, &msg, 0));
   sys_close(fds[1]);
 
   char b;
   HANDLE_EINTR(sys_read(fds[0], &b, 1));
 
   return true;
 }
 
 void EnableRendererCrashDumping() {
   const int fd = Singleton<base::GlobalDescriptors>()->Get(kCrashDumpSignal);
   // We deliberately leak this object.
   google_breakpad::ExceptionHandler* handler =
       new google_breakpad::ExceptionHandler("" /* unused */, NULL, NULL,
                                             (void*) fd, true);
   handler->set_crash_handler(RendererCrashHandler);
 }
 
 void InitCrashReporter() {
-  if (!GoogleUpdateSettings::GetCollectStatsConsent())
-    return;
-
   // Determine the process type and take appropriate action.
   const CommandLine& parsed_command_line = *CommandLine::ForCurrentProcess();
   const std::wstring process_type =
       parsed_command_line.GetSwitchValue(switches::kProcessType);
   if (process_type.empty()) {
+    if (!GoogleUpdateSettings::GetCollectStatsConsent())
+      return;
     EnableCrashDumping();
   } else if (process_type == switches::kRendererProcess ||
              process_type == switches::kZygoteProcess) {
+    // We might be chrooted in a zygote or renderer process so we cannot call
+    // GetCollectStatsConsent because that needs access the the user's home
+    // dir. Instead, we set a command line flag for these processes.
+    if (!parsed_command_line.HasSwitch(switches::kRendererCrashDump))
+      return;
     EnableRendererCrashDumping();
   }
 }