[Linux] Use PR_SET_NO_NEW_PRIVS by default in base/process/launch.h.

base/process/launch_posix.cc

Index: base/process/launch_posix.cc
diff --git a/base/process/launch_posix.cc b/base/process/launch_posix.cc
index 79e74d5877dbd5baa856729555ee707925f393b6..87069eec19a2e1bf02b4c8e46759b0faa9e28654 100644
--- a/base/process/launch_posix.cc
+++ b/base/process/launch_posix.cc
@@ -38,6 +38,10 @@
 #include "base/threading/platform_thread.h"
 #include "base/threading/thread_restrictions.h"
 
+#if defined(OS_LINUX)
+#include <sys/prctl.h>
+#endif
+
 #if defined(OS_CHROMEOS)
 #include <sys/ioctl.h>
 #endif
@@ -424,6 +428,17 @@ bool LaunchProcess(const std::vector<std::string>& argv,
 
     CloseSuperfluousFds(fd_shuffle2);
 
+    // Set NO_NEW_PRIVS by default. Since NO_NEW_PRIVS only exists in kernel
+    // 3.5+, do not check the return value of prctl here.
+#if defined(OS_LINUX)
+#ifndef PR_SET_NO_NEW_PRIVS
+#define PR_SET_NO_NEW_PRIVS 38
+#endif
+    if (!options.allow_new_privs) {
+      prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);

[jln (very slow on Chromium), 2014/04/01 21:54:23]

Do you want to at least DCHECK_EQ(EINVAL, errno) if this returns -1?

[Robert Sesek, 2014/04/02 15:39:22]

Done.

+    }
+#endif
+
     for (size_t i = 0; i < argv.size(); i++)
       argv_cstr[i] = const_cast<char*>(argv[i].c_str());
     argv_cstr[argv.size()] = NULL;