Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(260)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: child_job.cc

Issue 3493012: Security patches: RestartJob ignores pid, argv[0]; kill runs as child UID (Closed) Base URL: http://git.chromium.org/git/login_manager.git
Patch Set: added comments, using -1 as suid in setresuid() calls Created 10 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « child_job.h ('k') | child_job_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009-2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This class is most definitely NOT re-entrant. 5 // This class is most definitely NOT re-entrant.
6 6
7 #include "login_manager/child_job.h" 7 #include "login_manager/child_job.h"
8 8
9 #include <errno.h> 9 #include <errno.h>
10 #include <grp.h> 10 #include <grp.h>
11 #include <pwd.h> 11 #include <pwd.h>
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
119 bool ChildJob::IsDesiredUidSet() const { 119 bool ChildJob::IsDesiredUidSet() const {
120 return is_desired_uid_set_; 120 return is_desired_uid_set_;
121 } 121 }
122 122
123 const std::string ChildJob::GetName() const { 123 const std::string ChildJob::GetName() const {
124 FilePath exec_file(arguments_[0]); 124 FilePath exec_file(arguments_[0]);
125 return exec_file.BaseName().value(); 125 return exec_file.BaseName().value();
126 } 126 }
127 127
128 void ChildJob::SetArguments(const std::string& arguments) { 128 void ChildJob::SetArguments(const std::string& arguments) {
129 std::string argv0;
130 if (!arguments_.empty())
131 argv0 = arguments_[0];
132
129 arguments_.clear(); 133 arguments_.clear();
130 SplitString(arguments, ' ', &arguments_); 134 SplitString(arguments, ' ', &arguments_);
135
136 if (!argv0.empty())
137 arguments_[0] = argv0;
131 } 138 }
132 139
133 char const** ChildJob::CreateArgv() const { 140 char const** ChildJob::CreateArgv() const {
134 // Need to append NULL at the end. 141 // Need to append NULL at the end.
135 char const** argv = new char const*[arguments_.size() + 1]; 142 char const** argv = new char const*[arguments_.size() + 1];
136 for (size_t i = 0; i < arguments_.size(); ++i) { 143 for (size_t i = 0; i < arguments_.size(); ++i) {
137 const std::string& arg = arguments_[i]; 144 const std::string& arg = arguments_[i];
138 int needed_space = arg.length() + 1; 145 int needed_space = arg.length() + 1;
139 char* space = new char[needed_space]; 146 char* space = new char[needed_space];
140 strncpy(space, arg.c_str(), needed_space); 147 strncpy(space, arg.c_str(), needed_space);
(...skipping 14 matching lines...) Expand all
155 to_return = kCantSetGid; 162 to_return = kCantSetGid;
156 if (setuid(desired_uid_) == -1) 163 if (setuid(desired_uid_) == -1)
157 to_return = kCantSetUid; 164 to_return = kCantSetUid;
158 } 165 }
159 if (setsid() == -1) 166 if (setsid() == -1)
160 LOG(ERROR) << "can't setsid: " << strerror(errno); 167 LOG(ERROR) << "can't setsid: " << strerror(errno);
161 return to_return; 168 return to_return;
162 } 169 }
163 170
164 } // namespace login_manager 171 } // namespace login_manager
OLDNEW
« no previous file with comments | « child_job.h ('k') | child_job_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698