Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(27)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/suid/sandbox.cc

Issue 159025: Linux sandbox: save full list of SUID unsafe environment variables. (Closed)
Patch Set: ... Created 11 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/zygote_host_linux.cc ('K') | « chrome/browser/zygote_host_linux.cc ('k') | sandbox/linux/suid/suid_unsafe_environment_variables.h » ('j') | sandbox/linux/suid/suid_unsafe_environment_variables.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox 5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
6 6
7 #include <asm/unistd.h> 7 #include <asm/unistd.h>
8 #include <errno.h> 8 #include <errno.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <sched.h> 10 #include <sched.h>
11 #include <signal.h> 11 #include <signal.h>
12 #include <stdarg.h> 12 #include <stdarg.h>
13 #include <stdio.h> 13 #include <stdio.h>
14 #include <stdlib.h> 14 #include <stdlib.h>
15 #include <string.h> 15 #include <string.h>
16 #include <sys/prctl.h> 16 #include <sys/prctl.h>
17 #include <sys/resource.h> 17 #include <sys/resource.h>
18 #include <sys/socket.h> 18 #include <sys/socket.h>
19 #include <sys/stat.h> 19 #include <sys/stat.h>
20 #include <sys/time.h> 20 #include <sys/time.h>
21 #include <sys/types.h> 21 #include <sys/types.h>
22 #include <unistd.h> 22 #include <unistd.h>
23 23
24 #include "sandbox/linux/suid/suid_unsafe_environment_variables.h"
25
24 #if !defined(CLONE_NEWPID) 26 #if !defined(CLONE_NEWPID)
25 #define CLONE_NEWPID 0x20000000 27 #define CLONE_NEWPID 0x20000000
26 #endif 28 #endif
27 29
28 #if !defined(LINUX_SANDBOX_CHROME_PATH) && \ 30 #if !defined(LINUX_SANDBOX_CHROME_PATH) && \
29 !defined(CHROME_DEVEL_SANDBOX) 31 !defined(CHROME_DEVEL_SANDBOX)
30 #error LINUX_SANDBOX_CHROME_PATH must be defined to be the location of the \ 32 #error LINUX_SANDBOX_CHROME_PATH must be defined to be the location of the \
31 Chrome binary, or CHROME_DEVEL_SANDBOX must be defined 33 Chrome binary, or CHROME_DEVEL_SANDBOX must be defined
32 #endif 34 #endif
33 35
(...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after
221 223
222 if (setresuid(ruid, ruid, ruid)) { 224 if (setresuid(ruid, ruid, ruid)) {
223 perror("setresuid"); 225 perror("setresuid");
224 return false; 226 return false;
225 } 227 }
226 228
227 return true; 229 return true;
228 } 230 }
229 231
230 static bool SetupChildEnvironment() { 232 static bool SetupChildEnvironment() {
231 // ld.so will have cleared LD_LIBRARY_PATH because we are SUID. However, the 233 // ld.so may have cleared several environment variable because we are SUID.
Evan Martin 2009/07/17 21:10:57 variable*s*
agl 2009/07/17 21:35:09 Done.
232 // child process might need this so zygote_host_linux.cc saved a copy in 234 // However, the child process might need them so zygote_host_linux.cc saves a
233 // SANDBOX_LD_LIBRARY_PATH. This is safe because we have dropped root by this 235 // copy in SANDBOX_$x. This is safe because we have dropped root by this
234 // point, so we can only exec a binary with the permissions of the user who 236 // point, so we can only exec a binary with the permissions of the user who
235 // ran us in the first place. 237 // ran us in the first place.
236 const char* sandbox_ld_library_path = getenv("SANDBOX_LD_LIBRARY_PATH"); 238
237 if (sandbox_ld_library_path) { 239 for (unsigned i = 0; kSUIDUnsafeEnvironmentVariables[i]; ++i) {
238 setenv("LD_LIBRARY_PATH", sandbox_ld_library_path, 1 /* overwrite */); 240 const char* const envvar = kSUIDUnsafeEnvironmentVariables[i];
239 unsetenv("SANDBOX_LD_LIBRARY_PATH"); 241 char* const saved_envvar = SandboxSavedEnvironmentVariable(envvar);
242 if (!saved_envvar)
243 return false;
244
245 const char* const value = getenv(saved_envvar);
246 if (value) {
247 setenv(envvar, value, 1 /* overwrite */);
248 unsetenv(saved_envvar);
249 }
250
251 free(saved_envvar);
240 } 252 }
241 253
242 return true; 254 return true;
243 } 255 }
244 256
245 int main(int argc, char **argv) { 257 int main(int argc, char **argv) {
246 if (argc == 1) { 258 if (argc == 1) {
247 fprintf(stderr, "Usage: %s <renderer process> <args...>\n", argv[0]); 259 fprintf(stderr, "Usage: %s <renderer process> <args...>\n", argv[0]);
248 return 1; 260 return 1;
249 } 261 }
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
306 if (!DropRoot()) 318 if (!DropRoot())
307 return 1; 319 return 1;
308 if (!SetupChildEnvironment()) 320 if (!SetupChildEnvironment())
309 return 1; 321 return 1;
310 322
311 execv(argv[1], &argv[1]); 323 execv(argv[1], &argv[1]);
312 FatalError("execv failed"); 324 FatalError("execv failed");
313 325
314 return 1; 326 return 1;
315 } 327 }
OLDNEW
« chrome/browser/zygote_host_linux.cc ('K') | « chrome/browser/zygote_host_linux.cc ('k') | sandbox/linux/suid/suid_unsafe_environment_variables.h » ('j') | sandbox/linux/suid/suid_unsafe_environment_variables.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698