| OLD | NEW |
|---|
| 1 // Copyright 2014 The Crashpad Authors. All rights reserved. | 1 // Copyright 2014 The Crashpad Authors. All rights reserved. |
| 2 // | 2 // |
| 3 // Licensed under the Apache License, Version 2.0 (the "License"); | 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 // you may not use this file except in compliance with the License. | 4 // you may not use this file except in compliance with the License. |
| 5 // You may obtain a copy of the License at | 5 // You may obtain a copy of the License at |
| 6 // | 6 // |
| 7 // http://www.apache.org/licenses/LICENSE-2.0 | 7 // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 // | 8 // |
| 9 // Unless required by applicable law or agreed to in writing, software | 9 // Unless required by applicable law or agreed to in writing, software |
| 10 // distributed under the License is distributed on an "AS IS" BASIS, | 10 // distributed under the License is distributed on an "AS IS" BASIS, |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 64 // ensure that privileges cannot be regained. This can only be done if the | 64 // ensure that privileges cannot be regained. This can only be done if the |
| 65 // real user ID (and now the effective user ID as well) is not root, because | 65 // real user ID (and now the effective user ID as well) is not root, because |
| 66 // root always has permission to change identity. | 66 // root always has permission to change identity. |
| 67 if (euid != uid) { | 67 if (euid != uid) { |
| 68 CHECK_EQ(seteuid(euid), -1); | 68 CHECK_EQ(seteuid(euid), -1); |
| 69 } | 69 } |
| 70 if (egid != gid) { | 70 if (egid != gid) { |
| 71 CHECK_EQ(setegid(egid), -1); | 71 CHECK_EQ(setegid(egid), -1); |
| 72 } | 72 } |
| 73 } | 73 } |
| 74 #elif defined(OS_LINUX) | 74 #elif defined(OS_LINUX) || defined(OS_ANDROID) |
| 75 PCHECK(setresgid(gid, gid, gid) == 0) << "setresgid"; | 75 PCHECK(setresgid(gid, gid, gid) == 0) << "setresgid"; |
| 76 PCHECK(setresuid(uid, uid, uid) == 0) << "setresuid"; | 76 PCHECK(setresuid(uid, uid, uid) == 0) << "setresuid"; |
| 77 | 77 |
| 78 // Don’t check to see if privileges can be regained on Linux, because on | 78 // Don’t check to see if privileges can be regained on Linux, because on |
| 79 // Linux, it’s not as simple as ensuring that this can’t be done if non-root. | 79 // Linux, it’s not as simple as ensuring that this can’t be done if non-root. |
| 80 // Instead, the ability to change user and group IDs are controlled by the | 80 // Instead, the ability to change user and group IDs are controlled by the |
| 81 // CAP_SETUID and CAP_SETGID capabilities, which may be granted to non-root | 81 // CAP_SETUID and CAP_SETGID capabilities, which may be granted to non-root |
| 82 // processes. Since the setresXid() interface is well-defined, it shouldn’t be | 82 // processes. Since the setresXid() interface is well-defined, it shouldn’t be |
| 83 // necessary to perform any additional checking anyway. | 83 // necessary to perform any additional checking anyway. |
| 84 // | 84 // |
| 85 // TODO(mark): Drop CAP_SETUID and CAP_SETGID if present and non-root? | 85 // TODO(mark): Drop CAP_SETUID and CAP_SETGID if present and non-root? |
| 86 #else | 86 #else |
| 87 #error Port this function to your system. | 87 #error Port this function to your system. |
| 88 #endif | 88 #endif |
| 89 } | 89 } |
| 90 | 90 |
| 91 } // namespace crashpad | 91 } // namespace crashpad |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2478633002:
Update Crashpad to b47bf6c250c6b825dee1c5fbad9152c2c962e828 (Closed)
