Chromium Code Reviews Chromium Code Reviews
Issue 269543014:
Use RecvMsgWithPid to find real PID for zygote children (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // A mini-zygote specifically for Native Client. | 5 // A mini-zygote specifically for Native Client. |
| 6 | 6 |
| 7 #include "components/nacl/loader/nacl_helper_linux.h" | 7 #include "components/nacl/loader/nacl_helper_linux.h" |
| 8 | 8 |
| 9 #include <errno.h> | 9 #include <errno.h> |
| 10 #include <fcntl.h> | 10 #include <fcntl.h> |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 29 #include "base/posix/eintr_wrapper.h" | 29 #include "base/posix/eintr_wrapper.h" |
| 30 #include "base/posix/global_descriptors.h" | 30 #include "base/posix/global_descriptors.h" |
| 31 #include "base/posix/unix_domain_socket_linux.h" | 31 #include "base/posix/unix_domain_socket_linux.h" |
| 32 #include "base/process/kill.h" | 32 #include "base/process/kill.h" |
| 33 #include "base/process/process_handle.h" | 33 #include "base/process/process_handle.h" |
| 34 #include "base/rand_util.h" | 34 #include "base/rand_util.h" |
| 35 #include "components/nacl/common/nacl_switches.h" | 35 #include "components/nacl/common/nacl_switches.h" |
| 36 #include "components/nacl/loader/nacl_listener.h" | 36 #include "components/nacl/loader/nacl_listener.h" |
| 37 #include "components/nacl/loader/nonsfi/irt_exception_handling.h" | 37 #include "components/nacl/loader/nonsfi/irt_exception_handling.h" |
| 38 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" | 38 #include "components/nacl/loader/sandbox_linux/nacl_sandbox_linux.h" |
| 39 #include "content/public/common/child_process_sandbox_support_linux.h" | |
| 39 #include "content/public/common/content_descriptors.h" | 40 #include "content/public/common/content_descriptors.h" |
| 40 #include "content/public/common/zygote_fork_delegate_linux.h" | 41 #include "content/public/common/zygote_fork_delegate_linux.h" |
| 41 #include "crypto/nss_util.h" | 42 #include "crypto/nss_util.h" |
| 42 #include "ipc/ipc_descriptors.h" | 43 #include "ipc/ipc_descriptors.h" |
| 43 #include "ipc/ipc_switches.h" | 44 #include "ipc/ipc_switches.h" |
| 44 #include "sandbox/linux/services/libc_urandom_override.h" | 45 #include "sandbox/linux/services/libc_urandom_override.h" |
| 45 | 46 |
| 46 namespace { | 47 namespace { |
| 47 | 48 |
| 48 struct NaClLoaderSystemInfo { | 49 struct NaClLoaderSystemInfo { |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 107 listener.Listen(); | 108 listener.Listen(); |
| 108 _exit(0); | 109 _exit(0); |
| 109 } | 110 } |
| 110 | 111 |
| 111 // Start the NaCl loader in a child created by the NaCl loader Zygote. | 112 // Start the NaCl loader in a child created by the NaCl loader Zygote. |
| 112 void ChildNaClLoaderInit(ScopedVector<base::ScopedFD> child_fds, | 113 void ChildNaClLoaderInit(ScopedVector<base::ScopedFD> child_fds, |
| 113 const NaClLoaderSystemInfo& system_info, | 114 const NaClLoaderSystemInfo& system_info, |
| 114 bool uses_nonsfi_mode, | 115 bool uses_nonsfi_mode, |
| 115 nacl::NaClSandbox* nacl_sandbox, | 116 nacl::NaClSandbox* nacl_sandbox, |
| 116 const std::string& channel_id) { | 117 const std::string& channel_id) { |
| 117 bool validack = false; | 118 // Ping the PID oracle socket. |
|
jln (very slow on Chromium)
2014/05/05 23:09:33
Feel free to add a DCHECK that child_fds.size() is
mdempsky
2014/05/05 23:16:24
Done.
| |
| 118 base::ProcessId real_pid; | 119 CHECK(content::SendZygoteChildPing( |
| 119 // Wait until the parent process has discovered our PID. We | 120 child_fds[content::ZygoteForkDelegate::kPIDOracleFDIndex]->get())); |
| 120 // should not fork any child processes (which the seccomp | |
| 121 // sandbox does) until then, because that can interfere with the | |
| 122 // parent's discovery of our PID. | |
| 123 const ssize_t nread = HANDLE_EINTR( | |
| 124 read(child_fds[content::ZygoteForkDelegate::kParentFDIndex]->get(), | |
| 125 &real_pid, | |
| 126 sizeof(real_pid))); | |
| 127 if (static_cast<size_t>(nread) == sizeof(real_pid)) { | |
| 128 // Make sure the parent didn't accidentally send us our real PID. | |
| 129 // We don't want it to be discoverable anywhere in our address space | |
| 130 // when we start running untrusted code. | |
| 131 CHECK(real_pid == 0); | |
| 132 | 121 |
| 133 CommandLine::ForCurrentProcess()->AppendSwitchASCII( | 122 CommandLine::ForCurrentProcess()->AppendSwitchASCII( |
| 134 switches::kProcessChannelID, channel_id); | 123 switches::kProcessChannelID, channel_id); |
| 135 validack = true; | |
| 136 } else { | |
| 137 if (nread < 0) | |
| 138 perror("read"); | |
| 139 LOG(ERROR) << "read returned " << nread; | |
| 140 } | |
| 141 | 124 |
| 125 // Save the browser socket and close the rest. | |
| 142 base::ScopedFD browser_fd( | 126 base::ScopedFD browser_fd( |
| 143 child_fds[content::ZygoteForkDelegate::kBrowserFDIndex]->Pass()); | 127 child_fds[content::ZygoteForkDelegate::kBrowserFDIndex]->Pass()); |
| 144 child_fds.clear(); | 128 child_fds.clear(); |
| 145 | 129 |
| 146 if (validack) { | 130 BecomeNaClLoader( |
| 147 BecomeNaClLoader( | 131 browser_fd.Pass(), system_info, uses_nonsfi_mode, nacl_sandbox); |
| 148 browser_fd.Pass(), system_info, uses_nonsfi_mode, nacl_sandbox); | |
| 149 } else { | |
| 150 LOG(ERROR) << "Failed to synch with zygote"; | |
| 151 } | |
| 152 _exit(1); | 132 _exit(1); |
| 153 } | 133 } |
| 154 | 134 |
| 155 // Handle a fork request from the Zygote. | 135 // Handle a fork request from the Zygote. |
| 156 // Some of this code was lifted from | 136 // Some of this code was lifted from |
| 157 // content/browser/zygote_main_linux.cc:ForkWithRealPid() | 137 // content/browser/zygote_main_linux.cc:ForkWithRealPid() |
| 158 bool HandleForkRequest(ScopedVector<base::ScopedFD> child_fds, | 138 bool HandleForkRequest(ScopedVector<base::ScopedFD> child_fds, |
| 159 const NaClLoaderSystemInfo& system_info, | 139 const NaClLoaderSystemInfo& system_info, |
| 160 nacl::NaClSandbox* nacl_sandbox, | 140 nacl::NaClSandbox* nacl_sandbox, |
| 161 PickleIterator* input_iter, | 141 PickleIterator* input_iter, |
| (...skipping 287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 449 // Now handle requests from the Zygote. | 429 // Now handle requests from the Zygote. |
| 450 while (true) { | 430 while (true) { |
| 451 bool request_handled = HandleZygoteRequest( | 431 bool request_handled = HandleZygoteRequest( |
| 452 kNaClZygoteDescriptor, system_info, nacl_sandbox.get()); | 432 kNaClZygoteDescriptor, system_info, nacl_sandbox.get()); |
| 453 // Do not turn this into a CHECK() without thinking about robustness | 433 // Do not turn this into a CHECK() without thinking about robustness |
| 454 // against malicious IPC requests. | 434 // against malicious IPC requests. |
| 455 DCHECK(request_handled); | 435 DCHECK(request_handled); |
| 456 } | 436 } |
| 457 NOTREACHED(); | 437 NOTREACHED(); |
| 458 } | 438 } |
| OLD | NEW |
