* chore: bump chromium in DEPS to 118.0.5949.0 * chore: update mas_disable_remote_accessibility.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4705386 no manual code changes; existing patch applied with fuzz * chore: update printing.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4779059 no manual code changes; existing patch applied with fuzz * chore: add OffScreenRenderWidgetHostView::InvalidateLocalSurfaceIdAndAllocationGroup() Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4563504 Add an impl for a new pure virtual method that was added upstream. Local impl inspired by upstream implementations in same CL * chore: update patches --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Mon, 26 Aug 2019 12:02:51 -0700
Subject: allow new privileges in unsandboxed child processes
This allows unsandboxed child processes to launch setuid processes on Linux.
diff --git a/content/browser/child_process_launcher_helper_linux.cc b/content/browser/child_process_launcher_helper_linux.cc
index ff73345339ccaa9d5375184efb13185ed9f0a298..bd80ca431a5c50ac001d7607841c64e90f4fe4c3 100644
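--- a/content/browser/child_process_launcher_helper_linux.cc
+++ b/content/browser/child_process_launcher_helper_linux.cc
@@ -63,6 +63,15 @@ bool ChildProcessLauncherHelper::BeforeLaunchOnLauncherThread(
 options->fds_to_remap.emplace_back(sandbox_fd, GetSandboxFD());
 }
 
+ // (For Electron), if we're launching without zygote, that means we're
+ // launching an unsandboxed process (since all sandboxed processes are
+ // forked from the zygote). Relax the allow_new_privs option to permit
+ // launching suid processes from unsandboxed child processes.
+ if (!base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kNoZygote) &&
+ delegate_->GetZygote() == nullptr) {
+ options->allow_new_privs = true;
+ }
+
 options->environment = delegate_->GetEnvironment();
 } else {
 DCHECK(GetZygoteForLaunch());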
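Review bot: The condition guarding `options->allow_new_privs = true` infers "unsandboxed" from `delegate_->GetZygote() == nullptr` rather than from the process's sandbox state, and the comment above it does not explain why `switches::kNoZygote` is excluded. Leaving new privileges disallowed is what keeps a child from gaining privileges by exec'ing a setuid binary, so every process that satisfies this test loses that hardening; the assumption behind it should be written down where the next Chromium roll will see it. If the reason for the switch check is that under --no-zygote a null zygote says nothing about sandboxing, I would add `// With --no-zygote every child lacks a zygote, sandboxed or not, so keep allow_new_privs false in that mode.` to the comment. It would also be worth a DCHECK that the delegate reports an unsandboxed sandbox type before the option is relaxed, if the delegate exposes that here. The body of BeforeLaunchOnLauncherThread starts and ends outside the hunk, so the surrounding branch condition is not visible from this patch.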