fix: allow unsandboxed renderers to request new privileges (#19953)
* fix: allow unsandboxed renderers to request new privileges * add test
This commit is contained in:
parent
ae9424d93a
commit
832c926712
3 changed files with 44 additions and 0 deletions
|
@ -155,6 +155,19 @@ describe('node feature', () => {
|
|||
})
|
||||
})
|
||||
})
|
||||
|
||||
describe('child_process.exec', () => {
|
||||
(process.platform === 'linux' ? it : it.skip)('allows executing a setuid binary from non-sandboxed renderer', () => {
|
||||
// Chrome uses prctl(2) to set the NO_NEW_PRIVILEGES flag on Linux (see
|
||||
// https://github.com/torvalds/linux/blob/40fde647cc/Documentation/userspace-api/no_new_privs.rst).
|
||||
// We disable this for unsandboxed processes, which the remote tests
|
||||
// are running in. If this test fails with an error like 'effective uid
|
||||
// is not 0', then it's likely that our patch to prevent the flag from
|
||||
// being set has become ineffective.
|
||||
const stdout = ChildProcess.execSync('sudo --help')
|
||||
expect(stdout).to.not.be.empty()
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
describe('contexts', () => {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue