summaryrefslogtreecommitdiffstats
path: root/ipc
diff options
context:
space:
mode:
authorforshaw <forshaw@chromium.org>2014-12-16 13:32:53 -0800
committerCommit bot <commit-bot@chromium.org>2014-12-16 21:33:46 +0000
commit4a94dff0a3a7c847e59b649a8b5b9729e45fa65f (patch)
tree0faa46ec4e688c3e51ac47b33f074f1020343caa /ipc
parent1eb123b01ac02e2fe507b0956f640db5476cf7ff (diff)
downloadchromium_src-4a94dff0a3a7c847e59b649a8b5b9729e45fa65f.zip
chromium_src-4a94dff0a3a7c847e59b649a8b5b9729e45fa65f.tar.gz
chromium_src-4a94dff0a3a7c847e59b649a8b5b9729e45fa65f.tar.bz2
Changed identification level to anonymous for windows IPC channel
This patch makes some changes to impersonation levels for pipes used in IPC. It changes the default level for the IPC channel client to use SECURITY_ANONYMOUS and also modified the sandbox's file policy code to always pass a SecurityAnonymous QOS structure to all file creations and opens. This was done to avoid modifying the IPC calls themselves to add the QOS information. The aim of the patch is to reduce the possibility of impersonation tokens leaking to less trusted processes during normal operation. This is a counterpart to CL 799943002 BUG=440694 Review URL: https://codereview.chromium.org/811763002 Cr-Commit-Position: refs/heads/master@{#308670}
Diffstat (limited to 'ipc')
-rw-r--r--ipc/ipc_channel_win.cc2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipc/ipc_channel_win.cc b/ipc/ipc_channel_win.cc
index 2d97992..2ad638b 100644
--- a/ipc/ipc_channel_win.cc
+++ b/ipc/ipc_channel_win.cc
@@ -262,7 +262,7 @@ bool ChannelWin::CreatePipe(const IPC::ChannelHandle &channel_handle,
0,
NULL,
OPEN_EXISTING,
- SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION |
+ SECURITY_SQOS_PRESENT | SECURITY_ANONYMOUS |
FILE_FLAG_OVERLAPPED,
NULL));
} else {