Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3080)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: base/test/launcher/test_launcher.cc

Issue 197213015: [Linux] Use PR_SET_NO_NEW_PRIVS by default in base/process/launch.h. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add function Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « base/process/launch_posix.cc ('k') | chrome/browser/chrome_main_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: base/test/launcher/test_launcher.cc
diff --git a/base/test/launcher/test_launcher.cc b/base/test/launcher/test_launcher.cc
index a37c4afa4b844333d2f9954e7615b689afcd7724..9c01a406b61b8ecb760ec512e063d8cca330ae11 100644
--- a/base/test/launcher/test_launcher.cc
+++ b/base/test/launcher/test_launcher.cc
@@ -1026,6 +1026,13 @@ int LaunchChildTestProcessWithOptions(const CommandLine& command_line,
new_options.job_handle = job_handle.Get();
#endif // defined(OS_WIN)
+#if defined(OS_LINUX)
+ // To prevent accidental privilege sharing to an untrusted child, processes
+ // are started with PR_SET_NO_NEW_PRIVS. Do not set that here, since this
+ // new child will be privileged and trusted.
+ new_options.allow_new_privs = true;
+#endif
+
base::ProcessHandle process_handle;
{
« no previous file with comments | « base/process/launch_posix.cc ('k') | chrome/browser/chrome_main_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698