content/browser/zygote_host/zygote_host_impl_linux.cc - Issue 197213015: [Linux] Use PR_SET_NO_NEW_PRIVS by default in base/process/launch.h.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/zygote_host/zygote_host_impl_linux.cc

Issue 197213015: [Linux] Use PR_SET_NO_NEW_PRIVS by default in base/process/launch.h. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Address jln's comments Created 6 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: content/browser/zygote_host/zygote_host_impl_linux.cc

diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc

index aaf4d3b686e916a53f217bad0a33bc043a191f23..0106a7a9030992184262b600dafd3a9e53101528 100644

--- a/content/browser/zygote_host/zygote_host_impl_linux.cc

+++ b/content/browser/zygote_host/zygote_host_impl_linux.cc

@@ -166,6 +166,7 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {

base::ProcessHandle process = -1;

base::LaunchOptions options;

options.fds_to_remap = &fds_to_map;

+ options.allow_new_privs = using_suid_sandbox_; // Don't PR_SET_NO_NEW_PRIVS.

base::LaunchProcess(cmd_line.argv(), options, &process);

CHECK(process != -1) << "Failed to launch zygote process";