Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(312)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/zygote_host/zygote_host_impl_linux.cc

Issue 24117002: Print a better error message (links to doc) on SUID sandbox problems. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/zygote_host/zygote_host_impl_linux.h" 5 #include "content/browser/zygote_host/zygote_host_impl_linux.h"
6 6
7 #include <sys/socket.h> 7 #include <sys/socket.h>
8 #include <sys/stat.h> 8 #include <sys/stat.h>
9 #include <sys/types.h> 9 #include <sys/types.h>
10 #include <unistd.h> 10 #include <unistd.h>
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after
120 120
121 sandbox_binary_ = sandbox_cmd.c_str(); 121 sandbox_binary_ = sandbox_cmd.c_str();
122 122
123 // A non empty sandbox_cmd means we want a SUID sandbox. 123 // A non empty sandbox_cmd means we want a SUID sandbox.
124 using_suid_sandbox_ = !sandbox_cmd.empty(); 124 using_suid_sandbox_ = !sandbox_cmd.empty();
125 125
126 if (using_suid_sandbox_) { 126 if (using_suid_sandbox_) {
127 struct stat st; 127 struct stat st;
128 if (stat(sandbox_binary_.c_str(), &st) != 0) { 128 if (stat(sandbox_binary_.c_str(), &st) != 0) {
129 LOG(FATAL) << "The SUID sandbox helper binary is missing: " 129 LOG(FATAL) << "The SUID sandbox helper binary is missing: "
130 << sandbox_binary_ << " Aborting now."; 130 << sandbox_binary_ << " Aborting now. "
131 << "See https://code.google.com/p/chromium/wiki/LinuxSUIDSandbo x "
Lei Zhang 2013/09/12 01:07:31 Maybe just add a helper function instead of repeat
132 << "and https://code.google.com/p/chromium/wiki/LinuxSUIDSandbo xDevelopment "
133 << "for more info.";
131 } 134 }
132 135
133 if (access(sandbox_binary_.c_str(), X_OK) == 0 && 136 if (access(sandbox_binary_.c_str(), X_OK) == 0 &&
134 (st.st_uid == 0) && 137 (st.st_uid == 0) &&
135 (st.st_mode & S_ISUID) && 138 (st.st_mode & S_ISUID) &&
136 (st.st_mode & S_IXOTH)) { 139 (st.st_mode & S_IXOTH)) {
137 cmd_line.PrependWrapper(sandbox_binary_); 140 cmd_line.PrependWrapper(sandbox_binary_);
138 141
139 scoped_ptr<sandbox::SetuidSandboxClient> 142 scoped_ptr<sandbox::SetuidSandboxClient>
140 sandbox_client(sandbox::SetuidSandboxClient::Create()); 143 sandbox_client(sandbox::SetuidSandboxClient::Create());
141 sandbox_client->SetupLaunchEnvironment(); 144 sandbox_client->SetupLaunchEnvironment();
142 } else { 145 } else {
143 LOG(FATAL) << "The SUID sandbox helper binary was found, but is not " 146 LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
144 "configured correctly. Rather than run without sandboxing " 147 "configured correctly. Rather than run without sandboxing "
145 "I'm aborting now. You need to make sure that " 148 "I'm aborting now. You need to make sure that "
146 << sandbox_binary_ << " is owned by root and has mode 4755."; 149 << sandbox_binary_ << " is owned by root and has mode 4755. "
150 << "See https://code.google.com/p/chromium/wiki/LinuxSUIDSandbo x "
151 << "and https://code.google.com/p/chromium/wiki/LinuxSUIDSandbo xDevelopment "
152 << "for more info.";
147 } 153 }
148 } 154 }
149 155
150 // Start up the sandbox host process and get the file descriptor for the 156 // Start up the sandbox host process and get the file descriptor for the
151 // renderers to talk to it. 157 // renderers to talk to it.
152 const int sfd = RenderSandboxHostLinux::GetInstance()->GetRendererSocket(); 158 const int sfd = RenderSandboxHostLinux::GetInstance()->GetRendererSocket();
153 fds_to_map.push_back(std::make_pair(sfd, GetSandboxFD())); 159 fds_to_map.push_back(std::make_pair(sfd, GetSandboxFD()));
154 160
155 int dummy_fd = -1; 161 int dummy_fd = -1;
156 if (using_suid_sandbox_) { 162 if (using_suid_sandbox_) {
(...skipping 349 matching lines...) Expand 10 before | Expand all | Expand 10 after
506 return RenderSandboxHostLinux::GetInstance()->pid(); 512 return RenderSandboxHostLinux::GetInstance()->pid();
507 } 513 }
508 514
509 int ZygoteHostImpl::GetSandboxStatus() const { 515 int ZygoteHostImpl::GetSandboxStatus() const {
510 if (have_read_sandbox_status_word_) 516 if (have_read_sandbox_status_word_)
511 return sandbox_status_; 517 return sandbox_status_;
512 return 0; 518 return 0;
513 } 519 }
514 520
515 } // namespace content 521 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698