// Brings a freshly launched child process up: platform setup, process-wide
// initialization, process naming, sandboxing, and finally the IPC connection
// to the peer identified by parameters.connectionIdentifier.
//
// The steps are in dependency order and must stay that way: the sandbox is
// initialized before any connection exists, initializeConnection() receives
// m_connection (so it has to follow the assignment), and open() is the last
// call, so the connection is not opened until everything else is in place.
void ChildProcess::initialize(const ChildProcessInitializationParameters& parameters)
{
    platformInitialize();
    initializeProcess(parameters);
    initializeProcessName(parameters);
    initializeSandbox(parameters);

    // Client side of the IPC connection; this object is the connection client
    // and the main run loop is the dispatch target. The did-close callback is
    // presumably invoked on the connection work queue, not the main loop —
    // confirm before touching main-thread-only state from it.
    m_connection = CoreIPC::Connection::createClientConnection(parameters.connectionIdentifier, this, RunLoop::main());
    m_connection->setDidCloseOnConnectionWorkQueueCallback(didCloseOnConnectionWorkQueue);
    initializeConnection(m_connection.get());
    m_connection->open();
}
// Brings a freshly launched child process up: platform setup, process-wide
// initialization, process naming, sandboxing, and finally the IPC connection
// to the peer identified by parameters.connectionIdentifier.
//
// The steps are in dependency order and must stay that way: the sandbox is
// initialized before any connection exists, initializeConnection() receives
// m_connection (so it has to follow the assignment), and open() is the last
// call, so the connection is not opened until everything else is in place.
void ChildProcess::initialize(const ChildProcessInitializationParameters& parameters)
{
    platformInitialize();
#if PLATFORM(COCOA)
    // Stored before process initialization; only Cocoa ports carry a priority
    // boost message in the launch parameters.
    m_priorityBoostMessage = parameters.priorityBoostMessage;
#endif
    initializeProcess(parameters);
    initializeProcessName(parameters);

    // Default-constructed here and handed to initializeSandbox() by reference,
    // presumably so platform-specific code can fill it in — confirm in the
    // platform implementations.
    SandboxInitializationParameters sandboxParameters;
    initializeSandbox(parameters, sandboxParameters);

    // Client side of the IPC connection; this object is the connection client.
    // The did-close callback is presumably invoked on the connection work
    // queue, not the main thread — confirm before touching main-thread-only
    // state from it.
    m_connection = IPC::Connection::createClientConnection(parameters.connectionIdentifier, *this);
    m_connection->setDidCloseOnConnectionWorkQueueCallback(didCloseOnConnectionWorkQueue);
    initializeConnection(m_connection.get());
    m_connection->open();
}
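// Entry point of the sandbox launcher.
//
// Expected invocation: argv[0] = this binary, argv[1] = path of the WebProcess
// executable, argv[2] = the socket used to communicate with the UI process.
// The binary is expected to be installed seteuid root and started by an
// unprivileged real user; both conditions are verified below before any
// privileged work is done.
//
// Sequence: resolve the sandbox directory and the sandbox user, set up the
// sandbox, restrict capabilities, move into a new PID namespace, start the
// chroot helper, drop privileges, verify that root cannot be regained, and
// exec the WebProcess. Every step reports to stderr and returns false on
// failure. On success execl() replaces the process image and never returns,
// so the function only ever returns false.
static bool run(int argc, char *const argv[])
{
    struct passwd* userInfo = getpwuid(getuid());
    if (!userInfo) {
        fprintf(stderr, "Couldn't get the current user: %s.\n", strerror(errno));
        return false;
    }
    appendDirectoryComponent(sandboxDirectory, userInfo->pw_dir, "/.wk2-sandbox");

    // Currently we use 'nobody' user as the sandbox user and fall back to the real user
    // if we failed to get it (we could extend this in the future with a specific restricted user).
    if (struct passwd* nobodyUser = getpwnam("nobody")) {
        sandboxUserUID = nobodyUser->pw_uid;
        sandboxUserGID = nobodyUser->pw_gid;
    } else {
        sandboxUserUID = getuid();
        sandboxUserGID = getgid();
    }

    // We should have three parameters:
    // path_of_this_binary path_of_the_webprocess socket_to_communicate_with_uiprocess
    if (argc != 3) {
        fprintf(stderr, "Starting SandboxProcess requires 3 parameters!\n");
        return false;
    }

    // SandboxProcess should be run with the suid flag (effective uid root) ...
    if (geteuid()) {
        fprintf(stderr, "The sandbox is not seteuid root.\n");
        return false;
    }
    // ... but not by root itself (not with sudo): the real user is the identity
    // we drop to, so it must not be root.
    if (!getuid()) {
        fprintf(stderr, "The sandbox is not designed to be run by root.\n");
        return false;
    }

    if (!initializeSandbox())
        return false;

    if (!restrictCapabilities())
        return false;

    // We move ourself and our children into a new PID namespace,
    // where process IDs start from 0 again.
    if (!moveToNewPIDNamespace())
        return false;

    // Start the helper that waits for the "chrootme" message from WebProcess.
    if (!prepareAndStartChangeRootHelper())
        return false;

    // We don't need any special privileges anymore.
    if (!dropPrivileges())
        return false;

    // Sanity check that the drop took effect: the effective uid/gid must be
    // non-zero, and setuid(0)/setgid(0) must fail. A zero return from either
    // setuid(0) or setgid(0) means root could still be regained, so the negated
    // return values are failure conditions here.
    if (!geteuid() || !getegid() || !setuid(0) || !setgid(0)) {
        fprintf(stderr, "Dropping privileges failed!\n");
        return false;
    }

    // Start the WebProcess in this (now unprivileged) process. The variadic
    // argument list must end with a genuine null pointer: static_cast<char*>(0)
    // is the standard null pointer conversion, whereas reinterpret_cast of the
    // integer 0 is an implementation-defined integer-to-pointer cast.
    execl(argv[1], argv[1], argv[2], static_cast<char*>(0));

    // execl() only returns on failure.
    fprintf(stderr, "Couldn't start WebProcess: %s\n", strerror(errno));
    return false;
}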