| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/zygote_host_linux.h" | 5 #include "content/browser/zygote_host_linux.h" |
| 6 | 6 |
| 7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <pthread.h> | 9 #include <pthread.h> |
| 10 #include <sys/socket.h> | 10 #include <sys/socket.h> |
| (...skipping 740 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 751 } | 751 } |
| 752 | 752 |
| 753 if (reply != kMsgChrootSuccessful) { | 753 if (reply != kMsgChrootSuccessful) { |
| 754 LOG(ERROR) << "Error code reply from chroot helper"; | 754 LOG(ERROR) << "Error code reply from chroot helper"; |
| 755 return false; | 755 return false; |
| 756 } | 756 } |
| 757 | 757 |
| 758 SkiaFontConfigSetImplementation( | 758 SkiaFontConfigSetImplementation( |
| 759 new FontConfigIPC(kMagicSandboxIPCDescriptor)); | 759 new FontConfigIPC(kMagicSandboxIPCDescriptor)); |
| 760 | 760 |
| 761 #if !defined(OS_OPENBSD) |
| 761 // Previously, we required that the binary be non-readable. This causes the | 762 // Previously, we required that the binary be non-readable. This causes the |
| 762 // kernel to mark the process as non-dumpable at startup. The thinking was | 763 // kernel to mark the process as non-dumpable at startup. The thinking was |
| 763 // that, although we were putting the renderers into a PID namespace (with | 764 // that, although we were putting the renderers into a PID namespace (with |
| 764 // the SUID sandbox), they would nonetheless be in the /same/ PID | 765 // the SUID sandbox), they would nonetheless be in the /same/ PID |
| 765 // namespace. So they could ptrace each other unless they were non-dumpable. | 766 // namespace. So they could ptrace each other unless they were non-dumpable. |
| 766 // | 767 // |
| 767 // If the binary was readable, then there would be a window between process | 768 // If the binary was readable, then there would be a window between process |
| 768 // startup and the point where we set the non-dumpable flag in which a | 769 // startup and the point where we set the non-dumpable flag in which a |
| 769 // compromised renderer could ptrace attach. | 770 // compromised renderer could ptrace attach. |
| 770 // | 771 // |
| 771 // However, now that we have a zygote model, only the (trusted) zygote | 772 // However, now that we have a zygote model, only the (trusted) zygote |
| 772 // exists at this point and we can set the non-dumpable flag which is | 773 // exists at this point and we can set the non-dumpable flag which is |
| 773 // inherited by all our renderer children. | 774 // inherited by all our renderer children. |
| 774 // | 775 // |
| 775 // Note: a non-dumpable process can't be debugged. To debug sandbox-related | 776 // Note: a non-dumpable process can't be debugged. To debug sandbox-related |
| 776 // issues, one can specify --allow-sandbox-debugging to let the process be | 777 // issues, one can specify --allow-sandbox-debugging to let the process be |
| 777 // dumpable. | 778 // dumpable. |
| 778 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 779 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| 779 if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) { | 780 if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) { |
| 780 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); | 781 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); |
| 781 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { | 782 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { |
| 782 LOG(ERROR) << "Failed to set non-dumpable flag"; | 783 LOG(ERROR) << "Failed to set non-dumpable flag"; |
| 783 return false; | 784 return false; |
| 784 } | 785 } |
| 785 } | 786 } |
| 787 #endif |
| 786 #if defined(SECCOMP_SANDBOX) | 788 #if defined(SECCOMP_SANDBOX) |
| 787 } else if (SeccompSandboxEnabled()) { | 789 } else if (SeccompSandboxEnabled()) { |
| 788 PreSandboxInit(); | 790 PreSandboxInit(); |
| 789 SkiaFontConfigSetImplementation( | 791 SkiaFontConfigSetImplementation( |
| 790 new FontConfigIPC(kMagicSandboxIPCDescriptor)); | 792 new FontConfigIPC(kMagicSandboxIPCDescriptor)); |
| 791 #endif | 793 #endif |
| 792 } else { | 794 } else { |
| 793 SkiaFontConfigUseDirectImplementation(); | 795 SkiaFontConfigUseDirectImplementation(); |
| 794 } | 796 } |
| 795 | 797 |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 865 VLOG(1) << "Enabling experimental Seccomp sandbox."; | 867 VLOG(1) << "Enabling experimental Seccomp sandbox."; |
| 866 sandbox_flags |= ZygoteHost::kSandboxSeccomp; | 868 sandbox_flags |= ZygoteHost::kSandboxSeccomp; |
| 867 } | 869 } |
| 868 } | 870 } |
| 869 #endif // SECCOMP_SANDBOX | 871 #endif // SECCOMP_SANDBOX |
| 870 | 872 |
| 871 Zygote zygote(sandbox_flags, forkdelegate); | 873 Zygote zygote(sandbox_flags, forkdelegate); |
| 872 // This function call can return multiple times, once per fork(). | 874 // This function call can return multiple times, once per fork(). |
| 873 return zygote.ProcessRequests(); | 875 return zygote.ProcessRequests(); |
| 874 } | 876 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8341052:
share all the needed linux code with OpenBSD in chrome and content (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master