Bug 820560: Run unprivileged processes with different uids when possi…

…ble. r=kang a=blocking-basecamp
iaxat · Dec 17, 2012 · 0800d9e · 0800d9e
1 parent b8aba2b
commit 0800d9e
Showing 1 changed file with 32 additions and 2 deletions.
diff --git a/ipc/chromium/src/base/process_util_linux.cc b/ipc/chromium/src/base/process_util_linux.cc
@@ -232,11 +232,41 @@ bool LaunchApp(const std::vector<std::string>& argv,
     argv_cstr[argv.size()] = NULL;
 
     if (privs == PRIVILEGES_UNPRIVILEGED) {
-      if (setgid(CHILD_UNPRIVILEGED_GID) != 0) {
+      gid_t gid = CHILD_UNPRIVILEGED_GID;
+      uid_t uid = CHILD_UNPRIVILEGED_UID;
+#ifdef MOZ_WIDGET_GONK
+      static bool checked_pix_max, pix_max_ok;
+      if (!checked_pix_max) {
+        checked_pix_max = true;
+        int fd = open("/proc/sys/kernel/pid_max", O_CLOEXEC | O_RDONLY);
+        if (fd < 0) {
+          DLOG(ERROR) << "Failed to open pid_max";
+          _exit(127);
+        }
+        char buf[PATH_MAX];
+        ssize_t len = read(fd, buf, sizeof(buf) - 1);
+        close(fd);
+        if (len < 0) {
+          DLOG(ERROR) << "Failed to read pid_max";
+          _exit(127);
+        }
+        buf[len] = '\0';
+        int pid_max = atoi(buf);
+        pix_max_ok =
+          (pid_max + CHILD_UNPRIVILEGED_UID > CHILD_UNPRIVILEGED_UID);
+      }
+      if (!pix_max_ok) {
+        DLOG(ERROR) << "Can't safely get unique uid/gid";
+        _exit(127);
+      }
+      gid += getpid();
+      uid += getpid();
+#endif
+      if (setgid(gid) != 0) {
         DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS, path: " << argv_cstr[0];
         _exit(127);
       }
-      if (setuid(CHILD_UNPRIVILEGED_UID) != 0) {
+      if (setuid(uid) != 0) {
         DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS, path: " << argv_cstr[0];
         _exit(127);
       }