Ensure urandom FD is warmed before zygote fork

We use base::RandUint64 to warm the urandom FD on POSIX, ensuring it's
open by the time the zygote forks.

This was broken by
https://chromium-review.googlesource.com/c/chromium/src/+/2380673 which
results in RandUint64 generally not opening urandom.

To avoid the issue, this CL explicitly calls base::GetUrandomFD()
instead of RandUint64 during pre-zygote init. This way, if RandBytes
needs to fall back onto urandom in a sandboxed process, it won't
fail.

Fixed: 1141593
Change-Id: I36996fafea79170e7c3dddb219695e88b8213033
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2492942
Reviewed-by: Chris Palmer <palmer@chromium.org>
Commit-Queue: Chris Palmer <palmer@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Auto-Submit: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#820016}

This commit is contained in:

Ken Rockot

2020-10-22 21:27:56 +00:00

committed by

Commit Bot

parent 0bd5f03b01

commit 0aa0b85bef

1 changed files with 1 additions and 1 deletions

									
										2

content/zygote/zygote_main_linux.cc
									
				@ -72,7 +72,7 @@ base::OnceClosure ClosureFromTwoClosures(base::OnceClosure one,

				// This function triggers the static and lazy construction of objects that need

				// to be created before imposing the sandbox.

				static void ZygotePreSandboxInit() {

				  base::RandUint64();

				  base::GetUrandomFD();

				  base::SysInfo::AmountOfPhysicalMemory();

				  base::SysInfo::NumberOfProcessors();

Ensure urandom FD is warmed before zygote fork

2 content/zygote/zygote_main_linux.cc

2

content/zygote/zygote_main_linux.cc