Clear environment variables for nacl_helper

components/nacl/zygote/nacl_fork_delegate_linux.cc

Index: components/nacl/zygote/nacl_fork_delegate_linux.cc
diff --git a/components/nacl/zygote/nacl_fork_delegate_linux.cc b/components/nacl/zygote/nacl_fork_delegate_linux.cc
index 1a42269a198cbc737035064a2a0d79b29573a7b9..65ba0c4be893dd682373a86a8877159530cdafc8 100644
--- a/components/nacl/zygote/nacl_fork_delegate_linux.cc
+++ b/components/nacl/zygote/nacl_fork_delegate_linux.cc
@@ -26,6 +26,7 @@
 #include "base/posix/unix_domain_socket_linux.h"
 #include "base/process/kill.h"
 #include "base/process/launch.h"
+#include "base/strings/string_split.h"
 #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
 #include "build/build_config.h"
 #include "components/nacl/common/nacl_nonsfi_util.h"
@@ -44,6 +45,19 @@ const char kNaClHelperReservedAtZero[] =
     "--reserved_at_zero=0xXXXXXXXXXXXXXXXX";
 const char kNaClHelperRDebug[] = "--r_debug=0xXXXXXXXXXXXXXXXX";
 
+// This is an environment variable which controls which (if any) other
+// environment variables are passed through to NaCl processes.  e.g.,
+// NACL_ENV_PASSTHROUGH="PATH PWD" would pass both $PATH and $PWD to the child

[Mark Seaborn, 2014/06/04 15:16:50]

This should be "PATH,CWD".

[elijahtaylor1, 2014/06/04 16:36:37]

Done.

+// process.
+const char kNaClEnvPassthrough[] = "NACL_ENV_PASSTHROUGH";
+char kNaClEnvPassthroughDelimiter = ',';
+
+// The following environment variables are always passed through if they exist
+// in the parent process.
+const char kNaClExeStderr[] = "NACL_EXE_STDERR";
+const char kNaClExeStdout[] = "NACL_EXE_STDOUT";
+const char kNaClVerbosity[] = "NACLVERBOSITY";
+
 #if defined(ARCH_CPU_X86)
 bool NonZeroSegmentBaseIsSlow() {
   base::CPU cpuid;
@@ -243,6 +257,11 @@ void NaClForkDelegate::Init(const int sandboxdesc,
     max_these_limits.push_back(RLIMIT_AS);
     options.maximize_rlimits = &max_these_limits;
 
+    // To avoid information leaks in Non-SFI mode, clear the environment for
+    // the NaCl Helper process.
+    options.clear_environ = true;
+    AddPassthroughEnvToOptions(&options);
+
     if (!base::LaunchProcess(argv_to_launch, options, NULL))
       status_ = kNaClHelperLaunchFailed;
     // parent and error cases are handled below
@@ -398,4 +417,24 @@ bool NaClForkDelegate::GetTerminationStatus(pid_t pid, bool known_dead,
   return true;
 }
 
+// static
+void NaClForkDelegate::AddPassthroughEnvToOptions(
+    base::LaunchOptions* options) {
+  scoped_ptr<base::Environment> env(base::Environment::Create());
+  std::string pass_through_string;
+  std::vector<std::string> pass_through_vars;
+  if (env->GetVar(kNaClEnvPassthrough, &pass_through_string)) {
+    base::SplitString(
+        pass_through_string, kNaClEnvPassthroughDelimiter, &pass_through_vars);
+  }
+  pass_through_vars.push_back(kNaClExeStderr);
+  pass_through_vars.push_back(kNaClExeStdout);
+  pass_through_vars.push_back(kNaClVerbosity);
+  for (size_t i = 0; i < pass_through_vars.size(); ++i) {
+    std::string temp;
+    if (env->GetVar(pass_through_vars[i].c_str(), &temp))
+      options->environ[pass_through_vars[i]] = temp;
+  }
+}
+
 }  // namespace nacl