author | wfh@chromium.org <wfh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-02 00:16:13 +0000 |
---|---|---|
committer | wfh@chromium.org <wfh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-02 00:16:13 +0000 |
commit | 7b61d12a34da9b210df4717656db950259a35d42 (patch) | |
tree | 4be2b8a71148495da08d70da7a0363770f31fd73 /content/common/sandbox_win.cc | |
parent | c8685e89720cdaa29c0204aa2c6532bd0a308119 (diff) | |
Check for WRITE_DAC in the Access Mask as this can be used to change the DACL which is something we don't want to allow.
Fix corresponding issue found with this additional check where the permissions on the shared memory object used in the GPU host were too broad.
BUG=307301
Review URL: https://codereview.chromium.org/51053003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232521 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/common/sandbox_win.cc')
-rw-r--r-- | content/common/sandbox_win.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/content/common/sandbox_win.cc b/content/common/sandbox_win.cc index e71cdaf..fbf6675 100644 --- a/content/common/sandbox_win.cc +++ b/content/common/sandbox_win.cc @@ -432,6 +432,9 @@ void CheckDuplicateHandle(HANDLE handle) { &size); CHECK(NT_SUCCESS(error)); + CHECK(!(basic_info.GrantedAccess & WRITE_DAC)) << + kDuplicateHandleWarning; + if (0 == _wcsicmp(type_info->Name.Buffer, L"Process")) { const ACCESS_MASK kDangerousMask = ~(PROCESS_QUERY_LIMITED_INFORMATION | SYNCHRONIZE); |
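
Review bot: The new CHECK in CheckDuplicateHandle tests only WRITE_DAC, but WRITE_OWNER in GrantedAccess leads to the same outcome: the holder can change the object's owner, and by default the owner is implicitly allowed to rewrite the DACL. Consider testing `basic_info.GrantedAccess & (WRITE_DAC | WRITE_OWNER)` so both routes are closed. Because the check sits before the `_wcsicmp(type_info->Name.Buffer, L"Process")` branch it applies to every handle type, not just processes; a one-line comment stating that and the reason (DACL modification) would help, since the failure message is only kDuplicateHandleWarning.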