Sandbox change. Remove inheritance of the duplicated tokens.

I don't think this is necessary at all and coult potentially leak tokens into other
child processes.


BUG=none
TEST=run chrome, verify renderers are sandboxed

Review URL: http://codereview.chromium.org/3386012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60136 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 4 deletions

diff --git a/sandbox/src/restricted_token.cc b/sandbox/src/restricted_token.cc
index ed6279b..bac8816 100644
--- a/sandbox/src/restricted_token.cc
+++ b/sandbox/src/restricted_token.cc
@@ -138,8 +138,8 @@ unsigned RestrictedToken::GetRestrictedTokenHandle(HANDLE *token_handle) const {
                                   ::GetCurrentProcess(),
                                   token_handle,
                                   TOKEN_ALL_ACCESS,
-                                  TRUE,  // Inherit handle.
-                                  0);  // No options.
+                                  FALSE,  // Don't inherit.
+                                  0);
 
   if (new_token != effective_token_)
     ::CloseHandle(new_token);
@@ -176,8 +176,8 @@ unsigned RestrictedToken::GetRestrictedTokenHandleForImpersonation(
                                   ::GetCurrentProcess(),
                                   token_handle,
                                   TOKEN_ALL_ACCESS,
-                                  TRUE,  // Inherit handle.
-                                  0);  // No options.
+                                  FALSE,  // Don't inherit.
+                                  0);
 
   ::CloseHandle(impersonation_token);