Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(322)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/suid/sandbox.cc

Issue 155584: Merge 20733 - Linux: propagate LD_LIBRARY_PATH through the SUID sandbox.... (Closed) Base URL: svn://chrome-svn/chrome/branches/194/src/
Patch Set: Created 11 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/zygote_host_linux.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Property Changes:
Added: svn:mergeinfo
Merged /branches/chrome_webkit_merge_branch/sandbox/linux/suid/sandbox.cc:r69-2775
Merged /trunk/src/sandbox/linux/suid/sandbox.cc:r20733
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox 5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
6 6
7 #include <asm/unistd.h> 7 #include <asm/unistd.h>
8 #include <errno.h> 8 #include <errno.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <sched.h> 10 #include <sched.h>
(...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after
211 } 211 }
212 212
213 if (setresuid(ruid, ruid, ruid)) { 213 if (setresuid(ruid, ruid, ruid)) {
214 perror("setresuid"); 214 perror("setresuid");
215 return false; 215 return false;
216 } 216 }
217 217
218 return true; 218 return true;
219 } 219 }
220 220
221 static bool SetupChildEnvironment() {
222 // ld.so will have cleared LD_LIBRARY_PATH because we are SUID. However, the
223 // child process might need this so zygote_host_linux.cc saved a copy in
224 // SANDBOX_LD_LIBRARY_PATH.
225 const char* sandbox_ld_library_path = getenv("SANDBOX_LD_LIBRARY_PATH");
226 if (sandbox_ld_library_path) {
227 setenv("LD_LIBRARY_PATH", sandbox_ld_library_path, 1 /* overwrite */);
228 unsetenv("SANDBOX_LD_LIBRARY_PATH");
229 }
230
231 return true;
232 }
233
221 int main(int argc, char **argv) { 234 int main(int argc, char **argv) {
222 if (argc == 1) { 235 if (argc == 1) {
223 fprintf(stderr, "Usage: %s <renderer process> <args...>\n", argv[0]); 236 fprintf(stderr, "Usage: %s <renderer process> <args...>\n", argv[0]);
224 return 1; 237 return 1;
225 } 238 }
226 239
227 if (strcmp(argv[1], kChromeBinary)) { 240 if (strcmp(argv[1], kChromeBinary)) {
228 fprintf(stderr, "This wrapper can only run %s!\n", kChromeBinary); 241 fprintf(stderr, "This wrapper can only run %s!\n", kChromeBinary);
229 return 1; 242 return 1;
230 } 243 }
231 244
232 if (!MoveToNewPIDNamespace()) 245 if (!MoveToNewPIDNamespace())
233 return 1; 246 return 1;
234 if (!SpawnChrootHelper()) 247 if (!SpawnChrootHelper())
235 return 1; 248 return 1;
236 if (!DropRoot()) 249 if (!DropRoot())
237 return 1; 250 return 1;
251 if (!SetupChildEnvironment())
252 return 1;
238 253
239 execv(argv[1], &argv[1]); 254 execv(argv[1], &argv[1]);
240 FatalError("execv failed"); 255 FatalError("execv failed");
241 256
242 return 1; 257 return 1;
243 } 258 }
OLDNEW
« no previous file with comments | « chrome/browser/zygote_host_linux.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698