
Side by Side Diff: content/zygote/zygote_main_linux.cc

Issue 10492006: Setuid sandbox API versioning (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Switch return value logic in CheckAndExportApiVersion Created 8 years, 6 months ago
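--- a/content/zygote/zygote_main_linux.cc
+++ b/content/zygote/zygote_main_linux.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <dlfcn.h>
 #include <fcntl.h>
 #include <pthread.h>
 #include <stdio.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -522,28 +522,52 @@
 static bool EnterSandbox(bool* using_suid_sandbox, bool* has_started_new_init) {
   *using_suid_sandbox = false;
   *has_started_new_init = false;
 
   PreSandboxInit();
   SkiaFontConfigSetImplementation(
       new FontConfigIPC(Zygote::kMagicSandboxIPCDescriptor));
 
   const char* const sandbox_fd_string = getenv(kSUIDSandboxVar);
   if (sandbox_fd_string) {
+    char* endptr;
     // Use the SUID sandbox. This still allows the seccomp sandbox to
     // be enabled by the process later.
     *using_suid_sandbox = true;
 
-    char* endptr;
+    // Check if the SUID sandbox provides the correct API version.
+    const char* const sandbox_api_string =
+        getenv(base::kSandboxEnvironmentApiProvides);
+    // Assume API version 0 if no environment was found
+    long sandbox_api_num = 0;
+    if (sandbox_api_string) {
+      errno = 0;
+      sandbox_api_num = strtol(sandbox_api_string, &endptr, 10);
+      if (errno || *endptr) {
+        return false;
+      }
+    }
+
+    if (sandbox_api_num != base::kSUIDSandboxApiNumber) {
+      LOG(WARNING) << "You are using a wrong version of the setuid binary!\n"
+          "Please read "
+          "https://code.google.com/p/chromium/wiki/LinuxSUIDSandboxDevelopment."
+          "\n\n";
+    }
+
+    // Get the file descriptor to signal the chroot helper.
+    errno = 0;
     const long fd_long = strtol(sandbox_fd_string, &endptr, 10);
-    if (!*sandbox_fd_string || *endptr || fd_long < 0 || fd_long > INT_MAX)
+    if (errno || !*sandbox_fd_string || *endptr || fd_long < 0 ||
+        fd_long > INT_MAX) {
       return false;
+    }
     const int fd = fd_long;
 
     static const char kMsgChrootMe = 'C';
     static const char kMsgChrootSuccessful = 'O';
 
     if (HANDLE_EINTR(write(fd, &kMsgChrootMe, 1)) != 1) {
       LOG(ERROR) << "Failed to write to chroot pipe: " << errno;
       return false;
     }
 
@@ -690,10 +714,10 @@
     }
   }
 #endif  // SECCOMP_SANDBOX
 
   Zygote zygote(sandbox_flags, forkdelegate, proc_fd_for_seccomp);
   // This function call can return multiple times, once per fork().
   return zygote.ProcessRequests();
 }
 
 }  // namespace content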
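Review bot: The API version check at new line 550 only emits a LOG(WARNING) on mismatch and then proceeds to the chroot handshake, so the new check does not actually gate anything; if the intent is a soft rollout where old helpers keep working, that should be stated next to the check, e.g. `// A mismatch is tolerated for now: log loudly but continue, so older setuid helpers still work.` Otherwise the mismatch branch should `return false` like the parse-failure branch just above it. A smaller inconsistency: the fd parse rejects an empty string via `!*sandbox_fd_string`, but the API-version parse at line 544 does not, so a set-but-empty variable silently parses as version 0 (strtol leaves endptr at the start, which is '\0'); `if (errno || !*sandbox_api_string || *endptr) {` would make the two parses behave the same. EnterSandbox's body continues past the end of this hunk.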
