Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(561)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/suid/sandbox.c

Issue 569533002: Remove --find-inode-switch hack from chrome-sandbox (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Revert API number bump and merge remainder of linux_util.h into sandbox.h Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/suid/linux_util.c ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/suid/sandbox.c
diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c
index 7410b71c315baa77ab857bf853f2b5e4579ada9d..3049ae52113cfa6164598f98465f2fefb17cf8e4 100644
--- a/sandbox/linux/suid/sandbox.c
+++ b/sandbox/linux/suid/sandbox.c
@@ -30,7 +30,6 @@
#include <unistd.h>
#include "sandbox/linux/suid/common/suid_unsafe_environment_variables.h"
-#include "sandbox/linux/suid/linux_util.h"
#include "sandbox/linux/suid/process_util.h"
#if !defined(CLONE_NEWPID)
@@ -433,34 +432,8 @@ int main(int argc, char** argv) {
return 0;
}
- // In the SUID sandbox, if we succeed in calling MoveToNewNamespaces()
- // below, then the zygote and all the renderers are in an alternate PID
- // namespace and do not know their real PIDs. As such, they report the wrong
- // PIDs to the task manager.
- //
- // To fix this, when the zygote spawns a new renderer, it gives the renderer
- // a dummy socket, which has a unique inode number. Then it asks the sandbox
- // host to find the PID of the process holding that fd by searching /proc.
- //
- // Since the zygote and renderers are all spawned by this setuid executable,
- // their entries in /proc are owned by root and only readable by root. In
- // order to search /proc for the fd we want, this setuid executable has to
- // double as a helper and perform the search. The code block below does this
- // when you call it with --find-inode INODE_NUMBER.
- if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) {
- pid_t pid;
- char* endptr = NULL;
- errno = 0;
- ino_t inode = strtoull(argv[2], &endptr, 10);
- if (inode == ULLONG_MAX || !endptr || *endptr || errno != 0)
- return 1;
- if (!FindProcessHoldingSocket(&pid, inode))
- return 1;
- printf("%d\n", pid);
- return 0;
- }
- // Likewise, we cannot adjust /proc/pid/oom_adj for sandboxed renderers
- // because those files are owned by root. So we need another helper here.
+ // We cannot adjust /proc/pid/oom_adj for sandboxed renderers
+ // because those files are owned by root. So we need a helper here.
if (argc == 4 && (0 == strcmp(argv[1], kAdjustOOMScoreSwitch))) {
char* endptr = NULL;
long score;
« no previous file with comments | « sandbox/linux/suid/linux_util.c ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698