summaryrefslogtreecommitdiffstats
path: root/base/process_util_win.cc
diff options
context:
space:
mode:
authorphajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-19 11:25:02 +0000
committerphajdan.jr@chromium.org <phajdan.jr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-19 11:25:02 +0000
commit1fcc9edcf037375d6b5b67fbca1eab3c19a68c33 (patch)
treebf0bd24602579db2eb9d5b38fcb9be96b672b0f7 /base/process_util_win.cc
parentccaddf9653bd5ddb1ae1426cfa61572385ed717d (diff)
downloadchromium_src-1fcc9edcf037375d6b5b67fbca1eab3c19a68c33.zip
chromium_src-1fcc9edcf037375d6b5b67fbca1eab3c19a68c33.tar.gz
chromium_src-1fcc9edcf037375d6b5b67fbca1eab3c19a68c33.tar.bz2
Don't grant unnecessary handle privileges in OpenProcessHandle.
This patch makes it harder for process handles with more privileges to leak to untrusted places. Review URL: http://codereview.chromium.org/125260 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18802 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/process_util_win.cc')
-rw-r--r--base/process_util_win.cc9
1 files changed, 4 insertions, 5 deletions
diff --git a/base/process_util_win.cc b/base/process_util_win.cc
index aea8cb9..eaa6c88 100644
--- a/base/process_util_win.cc
+++ b/base/process_util_win.cc
@@ -34,11 +34,10 @@ ProcessHandle GetCurrentProcessHandle() {
}
bool OpenProcessHandle(ProcessId pid, ProcessHandle* handle) {
- // TODO(phajdan.jr): Take even more permissions out of this list.
- ProcessHandle result = OpenProcess(PROCESS_DUP_HANDLE |
- PROCESS_TERMINATE |
- PROCESS_QUERY_INFORMATION |
- SYNCHRONIZE,
+ // We try to limit privileges granted to the handle. If you need this
+ // for test code, consider using OpenPrivilegedProcessHandle instead of
+ // adding more privileges here.
+ ProcessHandle result = OpenProcess(PROCESS_DUP_HANDLE | PROCESS_TERMINATE,
FALSE, pid);
if (result == INVALID_HANDLE_VALUE)
generated by cgit v1.1 at 2025-01-18 07:42:13 +0000