Bug 1199481 - Complain more when entering sandboxing code as root. r=kang
Родитель
7c8e037b3f
Коммит
52cee33b7e
|
@ -84,6 +84,15 @@ public:
|
|||
}
|
||||
}
|
||||
|
||||
bool AnyEffective() const {
|
||||
for (size_t i = 0; i < _LINUX_CAPABILITY_U32S_3; ++i) {
|
||||
if (mBits[i].effective != 0) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// These three methods expose individual bits in the three
|
||||
// capability sets as objects that can be used as bool lvalues.
|
||||
// The argument is the capability number, as defined in
|
||||
|
|
|
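Review bot: `AnyEffective()` is added without a comment, while the neighbouring accessors further down the hunk are documented ("These three methods expose individual bits ..."), so a reader has to infer from the loop over `_LINUX_CAPABILITY_U32S_3` what it reports. Suggested header: `// Returns true if any capability is present in the effective set, i.e. the process currently holds privileges; caller is expected to have populated mBits (e.g. via GetCurrent()) first.` The body is a candidate for `std::any_of` over `mBits`, but the hand-written loop is clear enough that this is a matter of taste. The enclosing class starts before this hunk.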
@ -558,8 +558,22 @@ SandboxEarlyInit(GeckoProcessType aType, bool aIsNuwa)
|
|||
return;
|
||||
}
|
||||
|
||||
{
|
||||
LinuxCapabilities existingCaps;
|
||||
if (existingCaps.GetCurrent() && existingCaps.AnyEffective()) {
|
||||
SANDBOX_LOG_ERROR("PLEASE DO NOT RUN THIS AS ROOT. Strange things may"
|
||||
" happen when capabilities are dropped.");
|
||||
}
|
||||
}
|
||||
|
||||
// If capabilities can't be gained, then nothing can be done.
|
||||
if (!info.Test(SandboxInfo::kHasUserNamespaces)) {
|
||||
// Drop any existing capabilities; unsharing the user namespace
|
||||
// would implicitly drop them, so if we're running in a broken
|
||||
// configuration where that would matter (e.g., running as root
|
||||
// from a non-root-owned mode-0700 directory) this means it will
|
||||
// break the same way on all kernels and be easier to troubleshoot.
|
||||
LinuxCapabilities().SetCurrent();
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
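Review bot: The check `if (existingCaps.GetCurrent() && existingCaps.AnyEffective())` silently skips the warning when `GetCurrent()` fails, so the process that cannot even read its own capability sets — presumably the most broken configuration — gets no diagnostic at all, which undercuts the purpose of this commit. Assuming `GetCurrent()` returns false on failure, splitting the condition would cover both cases: `if (!existingCaps.GetCurrent()) { SANDBOX_LOG_ERROR("Failed to read current capabilities."); } else if (existingCaps.AnyEffective()) {` followed by the existing log call. The result of `LinuxCapabilities().SetCurrent();` near the end of the hunk is likewise discarded; if it can report failure, logging that would fit the same intent. `SandboxEarlyInit` starts and ends outside this hunk.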