Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(305)

Issue 262020: Add support for getting the real process id from within the suid sandbox. The... (Closed)

Created:
11 years, 2 months ago by Lei Zhang
Modified:
9 years, 7 months ago
Reviewers:
agl
CC:
chromium-reviews_googlegroups.com, brettw+cc_chromium.org, darin (slow to review), jam, ben+cc_chromium.org
Visibility:
Public.

Description

Add support for getting the real process id from within the suid sandbox. The browser processes gets the real process ids, so they look correct in the task manager. When it asks the zygote to reap a process, we use the process ids internal to the sandbox. While we are at it, reap the sandbox process after it clones the zygote and figure out zygote's actual process id. Save the actual process id rather than that of the sandbox. BUG=20012, 20714, 23072 TEST=Process IDs for renderers should be correct in the task manager and you should be able to use the end process button to kill them.

Patch Set 1 #

Total comments: 6

Patch Set 2 : '' #

Total comments: 3

Patch Set 3 : '' #

Patch Set 4 : identify processes using sockets #

Total comments: 14

Patch Set 5 : address comments #

Patch Set 6 : fix SOCK_ typo, only send zygote magic string when using the sandbox #

Unified diffs Side-by-side diffs Delta from patch set Stats (+300 lines, -80 lines) Patch
M base/linux_util.h View 1 chunk +2 lines, -0 lines 0 comments Download
M chrome/app/chrome_dll_main.cc View 4 6 chunks +28 lines, -5 lines 0 comments Download
MM chrome/browser/renderer_host/render_sandbox_host_linux.h View 4 3 chunks +14 lines, -3 lines 0 comments Download
M chrome/browser/renderer_host/render_sandbox_host_linux.cc View 1 2 3 4 12 chunks +66 lines, -14 lines 0 comments Download
M chrome/browser/zygote_host_linux.h View 3 4 2 chunks +7 lines, -4 lines 0 comments Download
M chrome/browser/zygote_host_linux.cc View 3 4 5 7 chunks +70 lines, -23 lines 0 comments Download
M chrome/browser/zygote_main_linux.cc View 1 2 3 4 5 10 chunks +107 lines, -26 lines 0 comments Download
M chrome/chrome.gyp View 4 2 chunks +5 lines, -5 lines 0 comments Download
MM chrome/common/sandbox_methods_linux.h View 1 2 3 4 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 12 (0 generated)
Lei Zhang
On some machines, in the suid sandbox, fork() returns pids like 3 and 9. I ...
11 years, 2 months ago (2009-10-08 09:24:15 UTC) #1
agl
This isn't some random kernel bug: the SUID sandbox will install the zygote into a ...
11 years, 2 months ago (2009-10-08 17:47:29 UTC) #2
Lei Zhang
http://codereview.chromium.org/262020/diff/1/3 File base/process_util_linux.cc (right): http://codereview.chromium.org/262020/diff/1/3#newcode98 Line 98: ProcessId GetProcessWithChannelID(const std::wstring& executable_name, On 2009/10/08 17:47:30, agl ...
11 years, 2 months ago (2009-10-08 22:34:50 UTC) #3
agl
I think it would be better to enumerate the children of the current process. That ...
11 years, 2 months ago (2009-10-08 23:53:19 UTC) #4
Lei Zhang
http://codereview.chromium.org/262020/diff/1004/2003 File chrome/browser/renderer_host/render_sandbox_host_linux.cc (right): http://codereview.chromium.org/262020/diff/1004/2003#newcode264 Line 264: base::NamedProcessIterator proc_iter(L"chrome", NULL); On 2009/10/08 23:53:19, agl wrote: ...
11 years, 2 months ago (2009-10-09 00:03:36 UTC) #5
agl
http://codereview.chromium.org/262020/diff/1004/2003 File chrome/browser/renderer_host/render_sandbox_host_linux.cc (right): http://codereview.chromium.org/262020/diff/1004/2003#newcode264 Line 264: base::NamedProcessIterator proc_iter(L"chrome", NULL); On 2009/10/09 00:03:36, Lei Zhang ...
11 years, 2 months ago (2009-10-09 00:11:21 UTC) #6
Lei Zhang
On 2009/10/09 00:11:21, agl wrote: > http://codereview.chromium.org/262020/diff/1004/2003 > File chrome/browser/renderer_host/render_sandbox_host_linux.cc (right): > > http://codereview.chromium.org/262020/diff/1004/2003#newcode264 > ...
11 years, 2 months ago (2009-10-09 18:56:36 UTC) #7
Lei Zhang
Ok, finally got around to rewriting this to identify processes by searching for a socket ...
11 years, 2 months ago (2009-10-21 08:11:53 UTC) #8
agl
LGTM with trepidation. This is probably the best design, but that doesn't mean that I ...
11 years, 2 months ago (2009-10-23 18:15:15 UTC) #9
Lei Zhang
Still need a bit more work. Currently, you can disable the sandbox by just removing ...
11 years, 1 month ago (2009-10-29 21:23:41 UTC) #10
Lei Zhang
Ok, fixed the stupid error.
11 years, 1 month ago (2009-10-29 22:40:57 UTC) #11
agl
11 years, 1 month ago (2009-10-30 00:06:57 UTC) #12
LGTM

Powered by Google App Engine
This is Rietveld 408576698