| OLD | NEW |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox | 5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox |
| 6 | 6 |
| 7 #define _GNU_SOURCE | 7 #define _GNU_SOURCE |
| 8 #include <asm/unistd.h> | 8 #include <asm/unistd.h> |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| 29 #include "linux_util.h" | 29 #include "linux_util.h" |
| 30 #include "process_util.h" | 30 #include "process_util.h" |
| 31 #include "suid_unsafe_environment_variables.h" | 31 #include "suid_unsafe_environment_variables.h" |
| 32 | 32 |
| 33 #if !defined(CLONE_NEWPID) | 33 #if !defined(CLONE_NEWPID) |
| 34 #define CLONE_NEWPID 0x20000000 | 34 #define CLONE_NEWPID 0x20000000 |
| 35 #endif | 35 #endif |
| 36 #if !defined(CLONE_NEWNET) | 36 #if !defined(CLONE_NEWNET) |
| 37 #define CLONE_NEWNET 0x40000000 | 37 #define CLONE_NEWNET 0x40000000 |
| 38 #endif | 38 #endif |
| 39 #if !defined(CLONE_NEWNS) | |
| 40 #define CLONE_NEWNS 0x00020000 | |
| 41 #endif | |
| 42 | 39 |
| 43 #if !defined(BTRFS_SUPER_MAGIC) | 40 #if !defined(BTRFS_SUPER_MAGIC) |
| 44 #define BTRFS_SUPER_MAGIC 0x9123683E | 41 #define BTRFS_SUPER_MAGIC 0x9123683E |
| 45 #endif | 42 #endif |
| 46 #if !defined(EXT2_SUPER_MAGIC) | 43 #if !defined(EXT2_SUPER_MAGIC) |
| 47 #define EXT2_SUPER_MAGIC 0xEF53 | 44 #define EXT2_SUPER_MAGIC 0xEF53 |
| 48 #endif | 45 #endif |
| 49 #if !defined(EXT3_SUPER_MAGIC) | 46 #if !defined(EXT3_SUPER_MAGIC) |
| 50 #define EXT3_SUPER_MAGIC 0xEF53 | 47 #define EXT3_SUPER_MAGIC 0xEF53 |
| 51 #endif | 48 #endif |
| 262 close(chroot_signal_fd); | 259 close(chroot_signal_fd); |
| 263 return false; | 260 return false; |
| 264 } | 261 } |
| 265 | 262 |
| 266 return true; | 263 return true; |
| 267 } | 264 } |
| 268 | 265 |
| 269 static bool MoveToNewNamespaces() { | 266 static bool MoveToNewNamespaces() { |
| 270 // These are the sets of flags which we'll try, in order. | 267 // These are the sets of flags which we'll try, in order. |
| 271 const int kCloneExtraFlags[] = { | 268 const int kCloneExtraFlags[] = { |
| 272 CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWNS, | |
| 273 CLONE_NEWPID | CLONE_NEWNET, | 269 CLONE_NEWPID | CLONE_NEWNET, |
| 274 CLONE_NEWPID, | 270 CLONE_NEWPID, |
| 275 }; | 271 }; |
| 276 | 272 |
| 277 for (size_t i = 0; | 273 for (size_t i = 0; |
| 278 i < sizeof(kCloneExtraFlags) / sizeof(kCloneExtraFlags[0]); | 274 i < sizeof(kCloneExtraFlags) / sizeof(kCloneExtraFlags[0]); |
| 279 i++) { | 275 i++) { |
| 280 pid_t pid = syscall(__NR_clone, SIGCHLD | kCloneExtraFlags[i], 0, 0, 0); | 276 pid_t pid = syscall(__NR_clone, SIGCHLD | kCloneExtraFlags[i], 0, 0, 0); |
| 281 | 277 |
| 282 if (pid > 0) | 278 if (pid > 0) |
| 424 if (!DropRoot()) | 420 if (!DropRoot()) |
| 425 return 1; | 421 return 1; |
| 426 if (!SetupChildEnvironment()) | 422 if (!SetupChildEnvironment()) |
| 427 return 1; | 423 return 1; |
| 428 | 424 |
| 429 execv(argv[1], &argv[1]); | 425 execv(argv[1], &argv[1]); |
| 430 FatalError("execv failed"); | 426 FatalError("execv failed"); |
| 431 | 427 |
| 432 return 1; | 428 return 1; |
| 433 } | 429 } |
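Review bot: In `MoveToNewNamespaces()`, the `kCloneExtraFlags` table on the new side no longer has any entry with `CLONE_NEWNS`, and its only comment (`// These are the sets of flags which we'll try, in order.`) does not say that a mount namespace is deliberately left out or what filesystem confinement depends on instead. Because this table defines the sandbox's isolation boundary, I would add a comment above it such as `// CLONE_NEWNS is intentionally not requested (reason: <fill in>); filesystem confinement comes from the chroot step, not a private mount namespace.` The chroot dependency is inferred from the `chroot_signal_fd` handling visible just above this function, so confirm it before committing that wording. The same comment could note that the last entry falls back to `CLONE_NEWPID` alone, without network isolation. The loop body continues outside the visible lines, so whether that downgrade is logged or reported to the caller cannot be checked from here.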
| OLD | NEW |