| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <unistd.h> | 5 #include <unistd.h> |
| 6 #include <sys/epoll.h> | 6 #include <sys/epoll.h> |
| 7 #include <sys/types.h> | 7 #include <sys/types.h> |
| 8 #include <sys/socket.h> | 8 #include <sys/socket.h> |
| 9 #include <sys/signal.h> | 9 #include <sys/signal.h> |
| 10 #include <sys/prctl.h> | 10 #include <sys/prctl.h> |
| 11 | 11 |
| 12 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 13 #include "base/eintr_wrapper.h" | 13 #include "base/eintr_wrapper.h" |
| 14 #include "base/global_descriptors_posix.h" | 14 #include "base/global_descriptors_posix.h" |
| 15 #include "base/pickle.h" | 15 #include "base/pickle.h" |
| 16 #include "base/rand_util.h" |
| 16 #include "base/unix_domain_socket_posix.h" | 17 #include "base/unix_domain_socket_posix.h" |
| 17 | 18 |
| 18 #include "chrome/browser/zygote_host_linux.h" | 19 #include "chrome/browser/zygote_host_linux.h" |
| 19 #include "chrome/common/chrome_descriptors.h" | 20 #include "chrome/common/chrome_descriptors.h" |
| 20 #include "chrome/common/main_function_params.h" | 21 #include "chrome/common/main_function_params.h" |
| 21 #include "chrome/common/process_watcher.h" | 22 #include "chrome/common/process_watcher.h" |
| 22 | 23 |
| 23 #include "skia/ext/SkFontHost_fontconfig_control.h" | 24 #include "skia/ext/SkFontHost_fontconfig_control.h" |
| 24 | 25 |
| 25 // http://code.google.com/p/chromium/wiki/LinuxZygote | 26 // http://code.google.com/p/chromium/wiki/LinuxZygote |
| 200 // The SUID sandbox sets this environment variable to a file descriptor | 201 // The SUID sandbox sets this environment variable to a file descriptor |
| 201 // over which we can signal that we have completed our startup and can be | 202 // over which we can signal that we have completed our startup and can be |
| 202 // chrooted. | 203 // chrooted. |
| 203 | 204 |
| 204 char* endptr; | 205 char* endptr; |
| 205 const long fd_long = strtol(sandbox_fd_string, &endptr, 10); | 206 const long fd_long = strtol(sandbox_fd_string, &endptr, 10); |
| 206 if (!*sandbox_fd_string || *endptr || fd_long < 0 || fd_long > INT_MAX) | 207 if (!*sandbox_fd_string || *endptr || fd_long < 0 || fd_long > INT_MAX) |
| 207 return false; | 208 return false; |
| 208 const int fd = fd_long; | 209 const int fd = fd_long; |
| 209 | 210 |
| 211 // Before entering the sandbox, "prime" any systems that need to open |
| 212 // files and cache the results or the descriptors. |
| 213 base::RandUint64(); |
| 214 |
| 210 static const char kChrootMe = 'C'; | 215 static const char kChrootMe = 'C'; |
| 211 static const char kChrootMeSuccess = 'O'; | 216 static const char kChrootMeSuccess = 'O'; |
| 212 | 217 |
| 213 if (HANDLE_EINTR(write(fd, &kChrootMe, 1)) != 1) | 218 if (HANDLE_EINTR(write(fd, &kChrootMe, 1)) != 1) |
| 214 return false; | 219 return false; |
| 215 | 220 |
| 216 char reply; | 221 char reply; |
| 217 if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) | 222 if (HANDLE_EINTR(read(fd, &reply, 1)) != 1) |
| 218 return false; | 223 return false; |
| 219 if (reply != kChrootMeSuccess) | 224 if (reply != kChrootMeSuccess) |
| 220 return false; | 225 return false; |
| 221 if (chdir("/") == -1) | 226 if (chdir("/") == -1) |
| 222 return false; | 227 return false; |
| 223 | 228 |
| 224 static const int kMagicSandboxIPCDescriptor = 4; | 229 static const int kMagicSandboxIPCDescriptor = 5; |
| 225 SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); | 230 SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); |
| 226 | 231 |
| 232 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { |
| 233 LOG(ERROR) << "CRITICAL: The SUID sandbox is being used, but the chrome " |
| 234 "binary is also marked as readable. This means that the " |
| 235 "process starts up dumpable. That means that there's a " |
| 236 "window where another renderer process can ptrace this " |
| 237 "process and sequestrate it. This is a packaging error. " |
| 238 "Please report it as such."; |
| 239 } |
| 240 |
| 227 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); | 241 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); |
| 228 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) | 242 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) |
| 229 return false; | 243 return false; |
| 230 } else { | 244 } else { |
| 231 SkiaFontConfigUseDirectImplementation(); | 245 SkiaFontConfigUseDirectImplementation(); |
| 232 } | 246 } |
| 233 | 247 |
| 234 return true; | 248 return true; |
| 235 } | 249 } |
| 236 | 250 |
| 237 bool ZygoteMain(const MainFunctionParams& params) { | 251 bool ZygoteMain(const MainFunctionParams& params) { |
| 238 if (!MaybeEnterChroot()) { | 252 if (!MaybeEnterChroot()) { |
| 239 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " | 253 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " |
| 240 << errno << ")"; | 254 << errno << ")"; |
| 241 return false; | 255 return false; |
| 242 } | 256 } |
| 243 | 257 |
| 244 Zygote zygote; | 258 Zygote zygote; |
| 245 return zygote.ProcessRequests(); | 259 return zygote.ProcessRequests(); |
| 246 } | 260 } |
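Review bot: `kMagicSandboxIPCDescriptor` at new line 229 is a bare literal bumped from 4 to 5, so it silently depends on the descriptor layout the zygote host hands to the sandboxed process; nothing in this file ties the two together, and a later change to the host's descriptor order would break the font IPC path without any compile-time signal. If `chrome/common/chrome_descriptors.h` (already included) defines that slot, pass the named value instead; otherwise a comment such as `// Must match the descriptor index the zygote host passes for the sandbox IPC channel.` at least records the coupling. The new `PR_GET_DUMPABLE` diagnostic at new lines 232-239 also fires when `prctl` itself returns -1, because any non-zero result is read as "dumpable"; that is a conservative choice, but the message then misattributes the cause, and `if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) > 0)` would log only the genuine case while the existing `PR_SET_DUMPABLE` plus re-check at new lines 241-243 still fails closed on error. `MaybeEnterChroot` begins outside the shown lines.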