Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1333)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/zygote_main_linux.cc

Issue 159124: linux: add command-line flag to allow debugging of sandboxed processes (Closed)
Patch Set: merge Created 11 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/zygote_host_linux.cc ('k') | chrome/common/chrome_switches.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <unistd.h> 5 #include <unistd.h>
6 #include <sys/epoll.h> 6 #include <sys/epoll.h>
7 #include <sys/types.h> 7 #include <sys/types.h>
8 #include <sys/socket.h> 8 #include <sys/socket.h>
9 #include <sys/signal.h> 9 #include <sys/signal.h>
10 #include <sys/prctl.h> 10 #include <sys/prctl.h>
11 #include <sys/wait.h> 11 #include <sys/wait.h>
12 12
13 #include "base/command_line.h" 13 #include "base/command_line.h"
14 #include "base/eintr_wrapper.h" 14 #include "base/eintr_wrapper.h"
15 #include "base/global_descriptors_posix.h" 15 #include "base/global_descriptors_posix.h"
16 #include "base/pickle.h" 16 #include "base/pickle.h"
17 #include "base/rand_util.h" 17 #include "base/rand_util.h"
18 #include "base/unix_domain_socket_posix.h" 18 #include "base/unix_domain_socket_posix.h"
19 19
20 #include "chrome/browser/zygote_host_linux.h" 20 #include "chrome/browser/zygote_host_linux.h"
21 #include "chrome/common/chrome_descriptors.h" 21 #include "chrome/common/chrome_descriptors.h"
22 #include "chrome/common/chrome_switches.h"
22 #include "chrome/common/main_function_params.h" 23 #include "chrome/common/main_function_params.h"
23 #include "chrome/common/process_watcher.h" 24 #include "chrome/common/process_watcher.h"
24 #include "chrome/common/sandbox_methods_linux.h" 25 #include "chrome/common/sandbox_methods_linux.h"
25 26
26 #include "skia/ext/SkFontHost_fontconfig_control.h" 27 #include "skia/ext/SkFontHost_fontconfig_control.h"
27 28
28 // http://code.google.com/p/chromium/wiki/LinuxZygote 29 // http://code.google.com/p/chromium/wiki/LinuxZygote
29 30
30 static const int kMagicSandboxIPCDescriptor = 5; 31 static const int kMagicSandboxIPCDescriptor = 5;
31 32
(...skipping 298 matching lines...) Expand 10 before | Expand all | Expand 10 after
330 // the SUID sandbox), they would nonetheless be in the /same/ PID 331 // the SUID sandbox), they would nonetheless be in the /same/ PID
331 // namespace. So they could ptrace each other unless they were non-dumpable. 332 // namespace. So they could ptrace each other unless they were non-dumpable.
332 // 333 //
333 // If the binary was readable, then there would be a window between process 334 // If the binary was readable, then there would be a window between process
334 // startup and the point where we set the non-dumpable flag in which a 335 // startup and the point where we set the non-dumpable flag in which a
335 // compromised renderer could ptrace attach. 336 // compromised renderer could ptrace attach.
336 // 337 //
337 // However, now that we have a zygote model, only the (trusted) zygote 338 // However, now that we have a zygote model, only the (trusted) zygote
338 // exists at this point and we can set the non-dumpable flag which is 339 // exists at this point and we can set the non-dumpable flag which is
339 // inherited by all our renderer children. 340 // inherited by all our renderer children.
340 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); 341 //
341 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { 342 // Note: a non-dumpable process can't be debugged. To debug sandbox-related
342 LOG(ERROR) << "Failed to set non-dumpable flag"; 343 // issues, one can specify --allow-sandbox-debugging to let the process be
343 return false; 344 // dumpable.
345 const CommandLine& command_line = *CommandLine::ForCurrentProcess();
346 if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) {
347 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
348 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) {
349 LOG(ERROR) << "Failed to set non-dumpable flag";
350 return false;
351 }
344 } 352 }
345 } else { 353 } else {
346 SkiaFontConfigUseDirectImplementation(); 354 SkiaFontConfigUseDirectImplementation();
347 } 355 }
348 356
349 return true; 357 return true;
350 } 358 }
351 359
352 bool ZygoteMain(const MainFunctionParams& params) { 360 bool ZygoteMain(const MainFunctionParams& params) {
353 if (!MaybeEnterChroot()) { 361 if (!MaybeEnterChroot()) {
354 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " 362 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: "
355 << errno << ")"; 363 << errno << ")";
356 return false; 364 return false;
357 } 365 }
358 366
359 Zygote zygote; 367 Zygote zygote;
360 return zygote.ProcessRequests(); 368 return zygote.ProcessRequests();
361 } 369 }
OLDNEW
« no previous file with comments | « chrome/browser/zygote_host_linux.cc ('k') | chrome/common/chrome_switches.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698