// Brings a child process up to the point where it can talk to the UI process:
// platform setup, then process/name/sandbox initialization, and finally the
// IPC client connection. Ordering matters — the sandbox is initialized before
// the connection is created and opened, so the connection is established from
// inside the restricted environment.
//
// parameters: initialization data handed over by the parent; only
//             connectionIdentifier is read directly here, the rest is
//             forwarded to the initialize* helpers.
void ChildProcess::initialize(const ChildProcessInitializationParameters& parameters)
{
    platformInitialize();

    initializeProcess(parameters);
    initializeProcessName(parameters);
    initializeSandbox(parameters);
    
    // Client side of the connection; `this` is the message client and the
    // main run loop is where incoming messages are dispatched.
    m_connection = CoreIPC::Connection::createClientConnection(parameters.connectionIdentifier, this, RunLoop::main());
    // Installed before open() so a close on the work queue is never missed.
    m_connection->setDidCloseOnConnectionWorkQueueCallback(didCloseOnConnectionWorkQueue);
    // Subclass hook for per-process message handlers; receives a non-owning pointer.
    initializeConnection(m_connection.get());
    m_connection->open();
}
// Brings a child process up to the point where it can talk to the UI process:
// platform setup, process/name initialization, sandbox initialization, and
// finally the IPC client connection. The sandbox is set up before the
// connection is created and opened, so IPC is established from inside the
// restricted environment.
//
// parameters: initialization data handed over by the parent. connectionIdentifier
//             and (on Cocoa) priorityBoostMessage are read directly here; the
//             rest is forwarded to the initialize* helpers.
void ChildProcess::initialize(const ChildProcessInitializationParameters& parameters)
{
    platformInitialize();

#if PLATFORM(COCOA)
    // Kept on the instance; consumed elsewhere (not in this function).
    m_priorityBoostMessage = parameters.priorityBoostMessage;
#endif

    initializeProcess(parameters);
    initializeProcessName(parameters);

    // Default-constructed here and handed to the sandbox step, which is
    // expected to fill it in (its body is not shown in this listing).
    SandboxInitializationParameters sandboxParameters;
    initializeSandbox(parameters, sandboxParameters);
    
    // Client side of the connection; *this is the message client.
    m_connection = IPC::Connection::createClientConnection(parameters.connectionIdentifier, *this);
    // Installed before open() so a close on the work queue is never missed.
    m_connection->setDidCloseOnConnectionWorkQueueCallback(didCloseOnConnectionWorkQueue);
    // Subclass hook for per-process message handlers; receives a non-owning pointer.
    initializeConnection(m_connection.get());
    m_connection->open();
}
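// Entry logic of the SandboxProcess launcher: validates how it was invoked,
// sets up the sandbox while still privileged, drops privileges, verifies the
// drop is irreversible, and only then exec()s the WebProcess.
//
// argc/argv: expected as <this_binary> <webprocess_path> <uiprocess_socket>.
// Returns false (after printing a diagnostic to stderr) on any failure; on
// success execl() replaces this process, so the trailing `return true` is
// reached only if exec somehow returned without reporting -1.
//
// The order of the steps is part of the security contract: every step that
// needs root runs before dropPrivileges(), and the uid/gid sanity check sits
// between dropPrivileges() and execl() so an untrusted binary is never started
// from a process that can still become root.
static bool run(int argc, char *const argv[])
{
    // getpwuid() may return NULL without touching errno when there is simply no
    // entry; clear errno first so strerror() does not report a stale error.
    errno = 0;
    const struct passwd* const userInfo = getpwuid(getuid());
    if (!userInfo) {
        if (errno)
            fprintf(stderr, "Couldn't get the current user: %s.\n", strerror(errno));
        else
            fprintf(stderr, "Couldn't get the current user: no passwd entry.\n");
        return false;
    }
    appendDirectoryComponent(sandboxDirectory, userInfo->pw_dir, "/.wk2-sandbox");

    // Currently we use 'nobody' user as the sandbox user and fall back to the real user
    // if we failed to get it (we could extend this in the future with a specific restricted user).
    if (const struct passwd* const nobodyUser = getpwnam("nobody")) {
        sandboxUserUID = nobodyUser->pw_uid;
        sandboxUserGID = nobodyUser->pw_gid;
    } else {
        sandboxUserUID = getuid();
        sandboxUserGID = getgid();
    }

    // We should have three parameters:
    // path_of_this_binary path_of_the_webprocess socket_to_communicate_with_uiprocess
    if (argc != 3) {
        fprintf(stderr, "Starting SandboxProcess requires 3 parameters!\n");
        return false;
    }

    // SandboxProcess should be run with suid flag ...
    if (geteuid()) {
        fprintf(stderr, "The sandbox is not seteuid root.\n");
        return false;
    }

    // ... but not as root (not with sudo).
    if (!getuid()) {
        fprintf(stderr, "The sandbox is not designed to be run by root.\n");
        return false;
    }

    // Privileged phase: each helper reports its own failure and returns false.
    if (!initializeSandbox())
        return false;

    if (!restrictCapabilities())
        return false;

    // We move ourself and our children into a new PID namespace,
    // where process IDs start from 0 again.
    if (!moveToNewPIDNamespace())
        return false;

    // Start a helper that will wait for the "chrootme" message from WebProcess.
    if (!prepareAndStartChangeRootHelper())
        return false;

    // We don't need any special privileges anymore.
    if (!dropPrivileges())
        return false;

    // Sanity check: if our effective or real uid/gid is still 0 (root) or
    // we can set any of them to 0, then the dropping of privileges has failed.
    // setuid()/setgid() return 0 on success, so a *successful* setuid(0) here
    // means root is still reachable and we must refuse to continue.
    if (!geteuid() || !getegid() || !setuid(0) || !setgid(0)) {
        fprintf(stderr, "Dropping privileges failed!\n");
        return false;
    }

    // Start the WebProcess. execl() is variadic, so the terminator must be a
    // real char* null pointer, not a bare literal.
    if (execl(argv[1], argv[1], argv[2], static_cast<char*>(nullptr)) == -1) {
        fprintf(stderr, "Couldn't start WebProcess: %s\n", strerror(errno));
        return false;
    }
    return true;
}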