chrome/browser/zygote_host_linux.cc - Issue 270041: Document why we choose SOCK_SEQPACKET. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(8343)

My Issues | Starred Open | Closed | All

Unified Diff: chrome/browser/zygote_host_linux.cc

Issue 270041: Document why we choose SOCK_SEQPACKET. Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 11 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/zygote_host_linux.cc

===================================================================

--- chrome/browser/zygote_host_linux.cc (revision 26988)

+++ chrome/browser/zygote_host_linux.cc (working copy)

@@ -54,7 +54,14 @@

switches::kZygoteProcess);

int fds[2];

+

+ // SOCK_SEQPACKET is used rather than SOCK_DGRAM because SOCK_DGRAM

+ // allows sendto()/sendmsg() to send to arbitrary addresses, and the

+ // SUID sandbox cannot prevent that. Apart from this security

+ // problem, SOCK_DGRAM also has the correct semantics for this

+ // socket pair.

CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0);

+

base::file_handle_mapping_vector fds_to_map;

fds_to_map.push_back(std::make_pair(fds[1], 3));

« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698