| Index: content/common/child_process_host.h
|
| ===================================================================
|
| --- content/common/child_process_host.h (revision 97969)
|
| +++ content/common/child_process_host.h (working copy)
|
| @@ -33,6 +33,42 @@
|
| class ChildProcessHost : public IPC::Channel::Listener,
|
| public IPC::Message::Sender {
|
| public:
|
| +
|
| + // These flags may be passed to GetChildPath in order to alter its behavior,
|
| + // causing it to return a child path more suited to a specific task.
|
| + enum {
|
| + // No special behavior requested.
|
| + CHILD_NORMAL = 0,
|
| +
|
| +#if defined(OS_LINUX)
|
| + // Indicates that the child execed after forking may be execced from
|
| + // /proc/self/exe rather than using the "real" app path. This prevents
|
| + // autoupdate from confusing us if it changes the file out from under us.
|
| + // You will generally want to set this on Linux, except when there is an
|
| + // override to the command line (for example, we're forking a renderer in
|
| + // gdb). In this case, you'd use GetChildPath to get the real executable
|
| + // file name, and then prepend the GDB command to the command line.
|
| + CHILD_ALLOW_SELF = 1 << 0,
|
| +#elif defined(OS_MACOSX)
|
| +
|
| + // Requests that the child run in a process that does not have the
|
| + // PIE (position-independent executable) bit set, effectively disabling
|
| + // ASLR. For process types that need to allocate a large contiguous
|
| + // region, ASLR may not leave a large enough "hole" for the purpose. This
|
| + // option should be used sparingly, and only when absolutely necessary.
|
| + // This option is currently incompatible with CHILD_ALLOW_HEAP_EXECUTION.
|
| + CHILD_NO_PIE = 1 << 1,
|
| +
|
| + // Requests that the child run in a process that does not protect the
|
| + // heap against execution. Normally, heap pages may be made executable
|
| + // with mprotect, so this mode should be used sparingly. It is intended
|
| + // for processes that may host plug-ins that expect an executable heap
|
| + // without having to call mprotect. This option is currently incompatible
|
| + // with CHILD_NO_PIE.
|
| + CHILD_ALLOW_HEAP_EXECUTION = 1 << 2,
|
| +#endif
|
| + };
|
| +
|
| virtual ~ChildProcessHost();
|
|
|
| // Returns the pathname to be used for a child process. If a subprocess
|
| @@ -40,16 +76,12 @@
|
| // the default child process pathname will be returned. On most platforms,
|
| // this will be the same as the currently-executing process.
|
| //
|
| - // The argument allow_self is used on Linux to indicate that we allow us to
|
| - // fork from /proc/self/exe rather than using the "real" app path. This
|
| - // prevents autoupdate from confusing us if it changes the file out from
|
| - // under us. You will generally want to set this to true, except when there
|
| - // is an override to the command line (for example, we're forking a renderer
|
| - // in gdb). In this case, you'd use GetChildPath to get the real executable
|
| - // file name, and then prepend the GDB command to the command line.
|
| + // The |flags| argument accepts one or more flags such as CHILD_ALLOW_SELF
|
| + // and CHILD_ALLOW_HEAP_EXECUTION as defined above. Pass only CHILD_NORMAL
|
| + // if none of these special behaviors are required.
|
| //
|
| // On failure, returns an empty FilePath.
|
| - static FilePath GetChildPath(bool allow_self);
|
| + static FilePath GetChildPath(int flags);
|
|
|
| #if defined(OS_WIN)
|
| // See comments in the cc file. This is a common hack needed for a process
|
|
|
Chromium Code Reviews
Issue 7714018:
Give plug-in processes an executable heap and disable PIE/ASLR for Native (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/