Reland "Stop removing rpath_for_built_shared_libraries from chrome_sandbox"
This is a reland of 43a48785f2
After [1], the RPATH is no longer set for sanitizer builds. Also, after [2], the setuid bit is no longer set on chrome_sandbox anyway. [1] f002a96e9b
[2] de3a6f421e
Original change's description: > Stop removing rpath_for_built_shared_libraries from chrome_sandbox > > For instrumented builds like tsan, this causes chrome_sandbox to reference the > wrong libc++.so due to a missing RPATH. > > Since all configurations we ship don't set RPATH, we don't have to worry about > security vulnerabilities introduced by RPATH=$ORIGIN. There's also a check to > enforce this in chrome/installer/linux/common/installer.include. > > BUG=850682 > > Change-Id: I25307bd9de388009acffdbb8de6717210873655b > Reviewed-on: https://chromium-review.googlesource.com/1092077 > Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> > Reviewed-by: Dirk Pranke <dpranke@chromium.org> > Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> > Cr-Commit-Position: refs/heads/master@{#566099} Bug: 850682 Change-Id: I82fda0bd5b8f0222d64dcf6c4b7d1199c7e5e585 Reviewed-on: https://chromium-review.googlesource.com/1150254 Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> Cr-Commit-Position: refs/heads/master@{#578346}
@ -98,10 +98,6 @@ config("rpath_for_built_shared_libraries") {
|
||||
|
||||
# Settings for executables.
|
||||
config("executable_ldconfig") {
|
||||
# WARNING! //sandbox/linux:chrome_sandbox will not pick up this
|
||||
# config, because it is a setuid binary that needs special flags.
|
||||
# If you add things to this config, make sure you check to see
|
||||
# if they should be added to that target as well.
|
||||
ldflags = []
|
||||
if (is_android) {
|
||||
ldflags += [
|
||||
|
@ -319,25 +319,6 @@ if (is_linux) {
|
||||
# TODO fix this and re-enable this warning.
|
||||
"-Wno-sign-compare",
|
||||
]
|
||||
|
||||
import("//build/config/compiler/compiler.gni")
|
||||
import("//build/config/sanitizers/sanitizers.gni")
|
||||
if (is_component_build || using_sanitizer) {
|
||||
# WARNING! We remove this config so that we don't accidentally
|
||||
# pick up the //build/config:rpath_for_built_shared_libraries
|
||||
# sub-config. However, this means that we need to duplicate any
|
||||
# other flags that executable_config might have.
|
||||
configs -= [ "//build/config:executable_config" ]
|
||||
if (!use_gold) {
|
||||
ldflags = [ "-Wl,--disable-new-dtags" ]
|
||||
}
|
||||
}
|
||||
|
||||
# We also do not want to pick up any of the other sanitizer
|
||||
# flags (i.e. we do not want to build w/ the sanitizers at all).
|
||||
# This is safe to delete unconditionally, because it is part of the
|
||||
# default configs and empty when not using the sanitizers.
|
||||
configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
|
||||
}
|
||||
}
|
||||
|
||||
|