diff options
Diffstat (limited to 'chromium/sandbox/win/src/window.cc')
-rw-r--r-- | chromium/sandbox/win/src/window.cc | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/chromium/sandbox/win/src/window.cc b/chromium/sandbox/win/src/window.cc index d8de9672726..6b5766b325b 100644 --- a/chromium/sandbox/win/src/window.cc +++ b/chromium/sandbox/win/src/window.cc @@ -8,6 +8,8 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" +#include "sandbox/win/src/acl.h" +#include "sandbox/win/src/sid.h" namespace { @@ -46,14 +48,15 @@ ResultCode CreateAltWindowStation(HWINSTA* winsta) { *winsta = ::CreateWindowStationW(NULL, 0, WINSTA_ALL_ACCESS, &attributes); LocalFree(attributes.lpSecurityDescriptor); - if (*winsta) + if (*winsta) { return SBOX_ALL_OK; + } return SBOX_ERROR_CANNOT_CREATE_WINSTATION; } ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) { - std::wstring desktop_name = L"sbox_alternate_desktop_"; + base::string16 desktop_name = L"sbox_alternate_desktop_"; // Append the current PID to the desktop name. wchar_t buffer[16]; @@ -94,20 +97,30 @@ ResultCode CreateAltDesktop(HWINSTA winsta, HDESK* desktop) { } } - if (*desktop) + if (*desktop) { + // Replace the DACL on the new Desktop with a reduced privilege version. + // We can soft fail on this for now, as it's just an extra mitigation. + static const ACCESS_MASK kDesktopDenyMask = WRITE_DAC | WRITE_OWNER | + DESKTOP_HOOKCONTROL | + DESKTOP_JOURNALPLAYBACK | + DESKTOP_JOURNALRECORD | + DESKTOP_SWITCHDESKTOP; + AddKnownSidToObject(*desktop, SE_WINDOW_OBJECT, Sid(WinRestrictedCodeSid), + DENY_ACCESS, kDesktopDenyMask); return SBOX_ALL_OK; + } return SBOX_ERROR_CANNOT_CREATE_DESKTOP; } -std::wstring GetWindowObjectName(HANDLE handle) { +base::string16 GetWindowObjectName(HANDLE handle) { // Get the size of the name. DWORD size = 0; ::GetUserObjectInformation(handle, UOI_NAME, NULL, 0, &size); if (!size) { NOTREACHED(); - return std::wstring(); + return base::string16(); } // Create the buffer that will hold the name. @@ -117,19 +130,19 @@ std::wstring GetWindowObjectName(HANDLE handle) { if (!::GetUserObjectInformation(handle, UOI_NAME, name_buffer.get(), size, &size)) { NOTREACHED(); - return std::wstring(); + return base::string16(); } - return std::wstring(name_buffer.get()); + return base::string16(name_buffer.get()); } -std::wstring GetFullDesktopName(HWINSTA winsta, HDESK desktop) { +base::string16 GetFullDesktopName(HWINSTA winsta, HDESK desktop) { if (!desktop) { NOTREACHED(); - return std::wstring(); + return base::string16(); } - std::wstring name; + base::string16 name; if (winsta) { name = GetWindowObjectName(winsta); name += L'\\'; |