| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "build/build_config.h" |
| 6 |
| 5 #include <dlfcn.h> | 7 #include <dlfcn.h> |
| 6 #include <unistd.h> | 8 #include <unistd.h> |
| 9 #if defined(OS_FREEBSD) |
| 10 #include <signal.h> |
| 11 #else |
| 7 #include <sys/epoll.h> | 12 #include <sys/epoll.h> |
| 13 #endif |
| 8 #include <sys/types.h> | 14 #include <sys/types.h> |
| 9 #include <sys/socket.h> | 15 #include <sys/socket.h> |
| 16 #if !defined(OS_FREEBSD) |
| 10 #include <sys/signal.h> | 17 #include <sys/signal.h> |
| 11 #include <sys/prctl.h> | 18 #include <sys/prctl.h> |
| 19 #endif |
| 12 #include <sys/wait.h> | 20 #include <sys/wait.h> |
| 13 | 21 |
| 14 #include "base/basictypes.h" | 22 #include "base/basictypes.h" |
| 15 #include "base/command_line.h" | 23 #include "base/command_line.h" |
| 16 #include "base/eintr_wrapper.h" | 24 #include "base/eintr_wrapper.h" |
| 17 #include "base/global_descriptors_posix.h" | 25 #include "base/global_descriptors_posix.h" |
| 18 #include "base/path_service.h" | 26 #include "base/path_service.h" |
| 19 #include "base/pickle.h" | 27 #include "base/pickle.h" |
| 20 #include "base/rand_util.h" | 28 #include "base/rand_util.h" |
| 21 #include "base/sys_info.h" | 29 #include "base/sys_info.h" |
| 400 return false; | 408 return false; |
| 401 } | 409 } |
| 402 | 410 |
| 403 if (reply != kChrootMeSuccess) { | 411 if (reply != kChrootMeSuccess) { |
| 404 LOG(ERROR) << "Error code reply from chroot helper"; | 412 LOG(ERROR) << "Error code reply from chroot helper"; |
| 405 return false; | 413 return false; |
| 406 } | 414 } |
| 407 | 415 |
| 408 SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); | 416 SkiaFontConfigUseIPCImplementation(kMagicSandboxIPCDescriptor); |
| 409 | 417 |
| 418 // TODO(benl): Do something for FreeBSD... |
| 419 #if !defined(OS_FREEBSD) |
| 410 // Previously, we required that the binary be non-readable. This causes the | 420 // Previously, we required that the binary be non-readable. This causes the |
| 411 // kernel to mark the process as non-dumpable at startup. The thinking was | 421 // kernel to mark the process as non-dumpable at startup. The thinking was |
| 412 // that, although we were putting the renderers into a PID namespace (with | 422 // that, although we were putting the renderers into a PID namespace (with |
| 413 // the SUID sandbox), they would nonetheless be in the /same/ PID | 423 // the SUID sandbox), they would nonetheless be in the /same/ PID |
| 414 // namespace. So they could ptrace each other unless they were non-dumpable. | 424 // namespace. So they could ptrace each other unless they were non-dumpable. |
| 415 // | 425 // |
| 416 // If the binary was readable, then there would be a window between process | 426 // If the binary was readable, then there would be a window between process |
| 417 // startup and the point where we set the non-dumpable flag in which a | 427 // startup and the point where we set the non-dumpable flag in which a |
| 418 // compromised renderer could ptrace attach. | 428 // compromised renderer could ptrace attach. |
| 419 // | 429 // |
| 420 // However, now that we have a zygote model, only the (trusted) zygote | 430 // However, now that we have a zygote model, only the (trusted) zygote |
| 421 // exists at this point and we can set the non-dumpable flag which is | 431 // exists at this point and we can set the non-dumpable flag which is |
| 422 // inherited by all our renderer children. | 432 // inherited by all our renderer children. |
| 423 // | 433 // |
| 424 // Note: a non-dumpable process can't be debugged. To debug sandbox-related | 434 // Note: a non-dumpable process can't be debugged. To debug sandbox-related |
| 425 // issues, one can specify --allow-sandbox-debugging to let the process be | 435 // issues, one can specify --allow-sandbox-debugging to let the process be |
| 426 // dumpable. | 436 // dumpable. |
| 427 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); | 437 const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| 428 if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) { | 438 if (!command_line.HasSwitch(switches::kAllowSandboxDebugging)) { |
| 429 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); | 439 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); |
| 430 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { | 440 if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) { |
| 431 LOG(ERROR) << "Failed to set non-dumpable flag"; | 441 LOG(ERROR) << "Failed to set non-dumpable flag"; |
| 432 return false; | 442 return false; |
| 433 } | 443 } |
| 434 } | 444 } |
| 445 #endif |
| 435 } else { | 446 } else { |
| 436 SkiaFontConfigUseDirectImplementation(); | 447 SkiaFontConfigUseDirectImplementation(); |
| 437 } | 448 } |
| 438 | 449 |
| 439 return true; | 450 return true; |
| 440 } | 451 } |
| 441 | 452 |
| 442 bool ZygoteMain(const MainFunctionParams& params) { | 453 bool ZygoteMain(const MainFunctionParams& params) { |
| 443 g_am_zygote_or_renderer = true; | 454 g_am_zygote_or_renderer = true; |
| 444 | 455 |
| 445 if (!MaybeEnterChroot()) { | 456 if (!MaybeEnterChroot()) { |
| 446 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " | 457 LOG(FATAL) << "Failed to enter sandbox. Fail safe abort. (errno: " |
| 447 << errno << ")"; | 458 << errno << ")"; |
| 448 return false; | 459 return false; |
| 449 } | 460 } |
| 450 | 461 |
| 451 Zygote zygote; | 462 Zygote zygote; |
| 452 return zygote.ProcessRequests(); | 463 return zygote.ProcessRequests(); |
| 453 } | 464 } |
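Review bot: On FreeBSD the new `#if !defined(OS_FREEBSD)` guard (new lines 419–445) skips the PR_SET_DUMPABLE step entirely, yet MaybeEnterChroot still falls through to `return true`, so ZygoteMain treats the sandbox as fully entered while the ptrace-attach protection the preceding comment block describes is not applied on that platform. The TODO at new line 418 records the gap, but nothing at runtime reports it, so a FreeBSD build would presumably run with dumpable renderers without any log evidence. Replacing the `#endif` at 445 with `#else` / `LOG(WARNING) << "Non-dumpable flag not set on this platform; renderers may be ptrace-able";` / `#endif` would make the weaker configuration visible, and the TODO could name the FreeBSD mechanism expected to fill the role so the gap is not silently forgotten. MaybeEnterChroot's opening lies before this hunk; the same platform split also applies to the include block in the first hunk, which is fine as written.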