authordharani@google.com <dharani@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-02 15:24:18 +0000
committerdharani@google.com <dharani@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-02 15:24:18 +0000
commit143d9ab58906bb93b3f7b0fc78dc2c1026b7b80f (patch)
tree687a50937ee5cb612993d0374d95e810ae0bd68c
parenta6c9671b3893c08d95769d8dae5d72d316c9afa9 (diff)
Revert 158124 - Enable more mitigations
The first patch matched our previous mitigations. This adds new ones. BUG=147752 Review URL: https://chromiumcodereview.appspot.com/10913305 TBR=jschuh@chromium.org Review URL: https://codereview.chromium.org/11039023 git-svn-id: svn://svn.chromium.org/chrome/branches/1284/src@159687 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--content/common/sandbox_policy.cc48
1 files changed, 21 insertions, 27 deletions
diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc
index 4a2270e..6399de2 100644
--- a/content/common/sandbox_policy.cc
+++ b/content/common/sandbox_policy.cc
@@ -727,33 +727,27 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
return process;
}
- // TODO(jschuh): Make NaCl work with DEP and SEHOP. crbug.com/147752
- sandbox::MitigationFlags mitigations = MITIGATION_HEAP_TERMINATE |
- MITIGATION_BOTTOM_UP_ASLR |
- MITIGATION_HIGH_ENTROPY_ASLR;
-#if !defined(NACL_WIN64)
- mitigations |= MITIGATION_DEP |
- MITIGATION_DEP_NO_ATL_THUNK |
- MITIGATION_SEHOP;
-#if defined(NDEBUG)
- mitigations |= MITIGATION_RELOCATE_IMAGE |
- MITIGATION_RELOCATE_IMAGE_REQUIRED;
-#endif
-#endif
-
- if (policy->SetProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
- return 0;
-
- mitigations = MITIGATION_STRICT_HANDLE_CHECKS |
- MITIGATION_EXTENSION_DLL_DISABLE |
- MITIGATION_DLL_SEARCH_ORDER;
-#if defined(NACL_WIN64)
- mitigations |= MITIGATION_DEP |
- MITIGATION_DEP_NO_ATL_THUNK;
-#endif
-
- if (policy->SetDelayedProcessMitigations(mitigations) != sandbox::SBOX_ALL_OK)
- return 0;
+ // TODO(jschuh): Add all Win8 mitigations. crbug.com/147752
+ if (type != content::PROCESS_TYPE_NACL_LOADER) {
+ if (policy->SetProcessMitigations(MITIGATION_DEP |
+ MITIGATION_DEP_NO_ATL_THUNK |
+ MITIGATION_SEHOP |
+ MITIGATION_BOTTOM_UP_ASLR)
+ != sandbox::SBOX_ALL_OK) {
+ return 0;
+ }
+ } else {
+ // TODO(jschuh): Make NaCl work with DEP and SEHOP. crbug.com/147752
+ if (policy->SetDelayedProcessMitigations(MITIGATION_DEP |
+ MITIGATION_DEP_NO_ATL_THUNK)
+ != sandbox::SBOX_ALL_OK) {
+ return 0;
+ }
+ if (policy->SetProcessMitigations(MITIGATION_BOTTOM_UP_ASLR)
+ != sandbox::SBOX_ALL_OK) {
+ return 0;
+ }
+ }
if (type == content::PROCESS_TYPE_PLUGIN) {
AddGenericDllEvictionPolicy(policy);
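Review bot: Nothing in the restored block records which mitigations are deliberately absent, so a reader of the new side cannot tell that `MITIGATION_HEAP_TERMINATE`, `MITIGATION_HIGH_ENTROPY_ASLR`, the two `MITIGATION_RELOCATE_IMAGE*` flags and the delayed `MITIGATION_STRICT_HANDLE_CHECKS` / `MITIGATION_EXTENSION_DLL_DISABLE` / `MITIGATION_DLL_SEARCH_ORDER` set are no longer applied to any child process. I would add a comment above the `if (type != content::PROCESS_TYPE_NACL_LOADER)` test such as `// Only DEP, SEHOP and bottom-up ASLR are enabled here; heap-terminate, high-entropy ASLR, image relocation and the delayed handle/DLL mitigations are intentionally not set. crbug.com/147752`. In the `else` branch the TODO mentions SEHOP, but the code sets DEP only as a delayed mitigation and never sets SEHOP for the NaCl loader, which deserves its own line, e.g. `// NaCl loader: DEP is applied delayed, SEHOP is not applied at all.` The three `return 0;` paths also give no indication in the visible lines of which mitigation call failed, so a log statement before each return would help when a launch fails for this reason. The body of `StartProcessWithAccess` begins and continues outside this hunk, so whether callers already report that failure cannot be judged from here.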