1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/zygote/zygote_main.h" | 5 #include "content/zygote/zygote_main.h" |
6 | 6 |
7 #include <dlfcn.h> | 7 #include <dlfcn.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <pthread.h> | 9 #include <pthread.h> |
10 #include <signal.h> | 10 #include <signal.h> |
458 } | 458 } |
459 | 459 |
460 static void EnterNamespaceSandbox(base::Closure* post_fork_parent_callback) { | 460 static void EnterNamespaceSandbox(base::Closure* post_fork_parent_callback) { |
461 pid_t pid = getpid(); | 461 pid_t pid = getpid(); |
462 if (sandbox::NamespaceSandbox::InNewPidNamespace()) { | 462 if (sandbox::NamespaceSandbox::InNewPidNamespace()) { |
463 CHECK_EQ(1, pid); | 463 CHECK_EQ(1, pid); |
464 } | 464 } |
465 | 465 |
466 CHECK(sandbox::Credentials::MoveToNewUserNS()); | 466 CHECK(sandbox::Credentials::MoveToNewUserNS()); |
467 CHECK(sandbox::Credentials::DropFileSystemAccess()); | 467 CHECK(sandbox::Credentials::DropFileSystemAccess()); |
468 CHECK(sandbox::Credentials::DropAllCapabilities()); | 468 // We do not drop capabilities because we will use CAP_SYS_ADMIN to place each |
rickyz (no longer on Chrome)
2015/02/07 05:14:03
Like I mentioned in that last change, we need CAP_
mdempsky
2015/02/09 06:28:12
Couple thoughts I have:
1. Would it be worthwhi
rickyz (no longer on Chrome)
2015/02/24 06:11:34
Done - I didn't look too much into how much attack
469 // child process in its own PID namespace later on. | |
469 | 470 |
470 // This needs to happen after moving to a new user NS, since doing so involves | 471 // This needs to happen after moving to a new user NS, since doing so involves |
471 // writing the UID/GID map. | 472 // writing the UID/GID map. |
472 CHECK(MaybeSetProcessNonDumpable()); | 473 CHECK(MaybeSetProcessNonDumpable()); |
473 | 474 |
474 if (pid == 1) { | 475 if (pid == 1) { |
475 CHECK(CreateInitProcessReaper(post_fork_parent_callback)); | 476 CHECK(CreateInitProcessReaper(post_fork_parent_callback)); |
476 } | 477 } |
477 } | 478 } |
478 | 479 |
650 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; | 651 bool setuid_sandbox_engaged = sandbox_flags & kSandboxLinuxSUID; |
651 CHECK_EQ(using_setuid_sandbox, setuid_sandbox_engaged); | 652 CHECK_EQ(using_setuid_sandbox, setuid_sandbox_engaged); |
652 | 653 |
653 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, | 654 Zygote zygote(sandbox_flags, fork_delegates.Pass(), extra_children, |
654 extra_fds); | 655 extra_fds); |
655 // This function call can return multiple times, once per fork(). | 656 // This function call can return multiple times, once per fork(). |
656 return zygote.ProcessRequests(); | 657 return zygote.ProcessRequests(); |
657 } | 658 } |
658 | 659 |
659 } // namespace content | 660 } // namespace content |
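Review bot: The replacement comment at new lines 468–469 of EnterNamespaceSandbox justifies keeping the entire capability set by the need for a single capability, CAP_SYS_ADMIN, and it does not say where or when the zygote sheds what it retains, so a reader of this function cannot tell how long the process stays privileged after MoveToNewUserNS() now that DropAllCapabilities() is gone from this path. I would extend the comment to name the point at which the capabilities are dropped (presumably in the forked child once it has been placed in its PID namespace, which is not visible in this section) and, if sandbox::Credentials offers a way to retain one capability rather than all of them, narrow the zygote to CAP_SYS_ADMIN here instead of keeping everything. Something like `// Capabilities are kept here because the zygote needs CAP_SYS_ADMIN to move each child into its own PID namespace; they are dropped in <where> once the child has been placed.` would make the lifetime of the elevated state explicit. EnterNamespaceSandbox is fully visible in this section; the PID-namespace placement and the eventual drop are outside it, so their location is inferred rather than seen.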