author | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-05-20 16:05:56 +0000 |
---|---|---|
committer | nsylvain@chromium.org <nsylvain@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-05-20 16:05:56 +0000 |
commit | ff608eb386a2662bbe076a2a59b21eb90bc34532 (patch) | |
tree | 63c82289115c4b64d6d444816aab4f895f43917c /chrome/renderer | |
parent | 1e3af029048d55a3b7c39100683121d71c8ea673 (diff) | |
Add support for alternate window station.
TEST: Start chrome, make sure it loads pages, then use process explorer to make sure the WindowStation handle name is not the same as the browser process.
BUG:10996
Review URL: http://codereview.chromium.org/113190
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16483 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r-- | chrome/renderer/renderer_main_platform_delegate_win.cc | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/chrome/renderer/renderer_main_platform_delegate_win.cc b/chrome/renderer/renderer_main_platform_delegate_win.cc
index cc5e2be..8d725e7 100644
--- a/chrome/renderer/renderer_main_platform_delegate_win.cc
+++ b/chrome/renderer/renderer_main_platform_delegate_win.cc
@@ -18,15 +18,44 @@ namespace {
 // can be done with OpenThemeData() but it fails unless you pass a valid
 // window at least the first time. Interestingly, the very act of creating a
 // window also sets the connection to the theme service.
-void EnableThemeSupportForRenderer() {
+void EnableThemeSupportForRenderer(bool no_sandbox) {
+ HWINSTA current = NULL;
+ HWINSTA winsta0 = NULL;
+
+ if (!no_sandbox) {
+ current = ::GetProcessWindowStation();
+ winsta0 = ::OpenWindowStationW(L"WinSta0", FALSE, GENERIC_READ);
+ if (!winsta0 || !::SetProcessWindowStation(winsta0)) {
+ // Could not set the alternate window station. There is a possibility
+ // that the theme wont be correctly initialized on XP.
+ NOTREACHED() << "Unable to switch to WinSt0";
+ }
+ }
+
 HWND window = ::CreateWindowExW(0, L"Static", L"", WS_POPUP | WS_DISABLED,
 CW_USEDEFAULT, 0, 0, 0, HWND_MESSAGE, NULL,
 ::GetModuleHandleA(NULL), NULL);
 if (!window) {
 DLOG(WARNING) << "failed to enable theme support";
- return;
+ } else {
+ ::DestroyWindow(window);
+ }
+
+ if (!no_sandbox) {
+ // Revert the window station.
+ if (!current || !::SetProcessWindowStation(current)) {
+ // We failed to switch back to the secure window station. This might
+ // confuse the renderer enough that we should kill it now.
+ CHECK(false) << "Failed to restore alternate window station";
+ }
+
+ if (!::CloseWindowStation(winsta0)) {
+ // We might be leaking a winsta0 handle. This is a security risk, but
+ // since we allow fail over to no desktop protection in low memory
+ // condition, this is not a big risk.
+ NOTREACHED();
+ }
 }
- ::DestroyWindow(window);
 }

 } // namespace
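Review bot: The cleanup at the end of EnableThemeSupportForRenderer runs even when the switch to WinSta0 never happened. If `OpenWindowStationW` returns NULL, the code still reaches `::CloseWindowStation(winsta0)` with a NULL handle; guarding it as `if (winsta0 && !::CloseWindowStation(winsta0)) {` keeps the failure branch for real close failures only. If NOTREACHED is debug-only in this tree, a failed close in a release build leaves the renderer holding an open WinSta0 handle with nothing logged, so a release-visible log or a CHECK there would make the condition observable. The log strings also say "WinSt0" and "Failed to restore alternate window station", where the station being opened is WinSta0 and the one being restored is the original.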
@@ -43,7 +72,9 @@ RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
 void RendererMainPlatformDelegate::PlatformInitialize() {
 // Be mindful of what resources you acquire here. They can be used by
 // malicious code if the renderer gets compromised.
- EnableThemeSupportForRenderer();
+ const CommandLine& command_line = parameters_.command_line_;
+ bool no_sandbox = command_line.HasSwitch(switches::kNoSandbox);
+ EnableThemeSupportForRenderer(no_sandbox);
 }

 void RendererMainPlatformDelegate::PlatformUninitialize() {
|
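Review bot: The call site in PlatformInitialize sits directly under the "be mindful of what resources you acquire here" comment, but nothing says that the call now briefly opens a handle to WinSta0 or why `no_sandbox` changes that. A short comment would help the next reader, for example `// When sandboxed, theme init temporarily switches to WinSta0 and must restore the original window station and close the handle before returning.` That wording is inferred from the commit description and the helper's body, so it should be checked against the intended design. `no_sandbox` could also be declared `const`, to match `command_line` on the line above.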