| OLD | NEW |
|---|
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox | 5 // http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox |
| 6 | 6 |
| 7 #define _GNU_SOURCE | 7 #define _GNU_SOURCE |
| 8 #include <asm/unistd.h> | 8 #include <asm/unistd.h> |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| 11 #include <limits.h> | 11 #include <limits.h> |
| 12 #include <sched.h> | 12 #include <sched.h> |
| 13 #include <signal.h> | 13 #include <signal.h> |
| 14 #include <stdarg.h> | 14 #include <stdarg.h> |
| 15 #include <stdbool.h> | 15 #include <stdbool.h> |
| 16 #include <stdint.h> | 16 #include <stdint.h> |
| 17 #include <stdio.h> | 17 #include <stdio.h> |
| 18 #include <stdlib.h> | 18 #include <stdlib.h> |
| 19 #include <string.h> | 19 #include <string.h> |
| 20 #include <sys/prctl.h> | 20 #include <sys/prctl.h> |
| 21 #include <sys/resource.h> | 21 #include <sys/resource.h> |
| 22 #include <sys/socket.h> | 22 #include <sys/socket.h> |
| 23 #include <sys/stat.h> | 23 #include <sys/stat.h> |
| 24 #include <sys/time.h> | 24 #include <sys/time.h> |
| 25 #include <sys/types.h> | 25 #include <sys/types.h> |
| 26 #include <unistd.h> | 26 #include <unistd.h> |
| 27 | 27 |
| 28 #include "linux_util.h" | 28 #include "linux_util.h" |
| 29 #include "process_util.h" |
| 29 #include "suid_unsafe_environment_variables.h" | 30 #include "suid_unsafe_environment_variables.h" |
| 30 | 31 |
| 31 #if !defined(CLONE_NEWPID) | 32 #if !defined(CLONE_NEWPID) |
| 32 #define CLONE_NEWPID 0x20000000 | 33 #define CLONE_NEWPID 0x20000000 |
| 33 #endif | 34 #endif |
| 34 | 35 |
| 35 static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D"; | 36 static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D"; |
| 36 | 37 |
| 37 // These are the magic byte values which the sandboxed process uses to request | 38 // These are the magic byte values which the sandboxed process uses to request |
| 38 // that it be chrooted. | 39 // that it be chrooted. |
| (...skipping 263 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 302 // a dummy socket, which has a unique inode number. Then it asks the sandbox | 303 // a dummy socket, which has a unique inode number. Then it asks the sandbox |
| 303 // host to find the PID of the process holding that fd by searching /proc. | 304 // host to find the PID of the process holding that fd by searching /proc. |
| 304 // | 305 // |
| 305 // Since the zygote and renderers are all spawned by this setuid executable, | 306 // Since the zygote and renderers are all spawned by this setuid executable, |
| 306 // their entries in /proc are owned by root and only readable by root. In | 307 // their entries in /proc are owned by root and only readable by root. In |
| 307 // order to search /proc for the fd we want, this setuid executable has to | 308 // order to search /proc for the fd we want, this setuid executable has to |
| 308 // double as a helper and perform the search. The code block below does this | 309 // double as a helper and perform the search. The code block below does this |
| 309 // when you call it with --find-inode INODE_NUMBER. | 310 // when you call it with --find-inode INODE_NUMBER. |
| 310 if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) { | 311 if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) { |
| 311 pid_t pid; | 312 pid_t pid; |
| 312 char *endptr; | 313 char* endptr; |
| 313 ino_t inode = strtoull(argv[2], &endptr, 10); | 314 ino_t inode = strtoull(argv[2], &endptr, 10); |
| 314 if (inode == ULLONG_MAX || *endptr) | 315 if (inode == ULLONG_MAX || *endptr) |
| 315 return 1; | 316 return 1; |
| 316 if (!FindProcessHoldingSocket(&pid, inode)) | 317 if (!FindProcessHoldingSocket(&pid, inode)) |
| 317 return 1; | 318 return 1; |
| 318 printf("%d\n", pid); | 319 printf("%d\n", pid); |
| 319 return 0; | 320 return 0; |
| 320 } | 321 } |
| 322 // Likewise, we cannot adjust /proc/pid/oom_adj for sandboxed renderers |
| 323 // because those files are owned by root. So we need another helper here. |
| 324 if (argc == 4 && (0 == strcmp(argv[1], kAdjustOOMScoreSwitch))) { |
| 325 char* endptr; |
| 326 int score; |
| 327 pid_t pid = strtoul(argv[2], &endptr, 10); |
| 328 if (pid == ULONG_MAX || *endptr) |
| 329 return 1; |
| 330 score = strtol(argv[3], &endptr, 10); |
| 331 if (score == LONG_MAX || score == LONG_MIN || *endptr) |
| 332 return 1; |
| 333 return AdjustOOMScore(pid, score); |
| 334 } |
| 321 | 335 |
| 322 if (!MoveToNewPIDNamespace()) | 336 if (!MoveToNewPIDNamespace()) |
| 323 return 1; | 337 return 1; |
| 324 if (!SpawnChrootHelper()) | 338 if (!SpawnChrootHelper()) |
| 325 return 1; | 339 return 1; |
| 326 if (!DropRoot()) | 340 if (!DropRoot()) |
| 327 return 1; | 341 return 1; |
| 328 if (!SetupChildEnvironment()) | 342 if (!SetupChildEnvironment()) |
| 329 return 1; | 343 return 1; |
| 330 | 344 |
| 331 execv(argv[1], &argv[1]); | 345 execv(argv[1], &argv[1]); |
| 332 FatalError("execv failed"); | 346 FatalError("execv failed"); |
| 333 | 347 |
| 334 return 1; | 348 return 1; |
| 335 } | 349 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 467058:
Linux: Adjust /proc/pid/oom_adj to sacrifice plugin and renderer processes to... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/