Closed Bug 1066612 Opened 11 years ago Closed 8 years ago

[Tracking] See if any of the Chromium sandbox "process-level mitigations" should be applied to the GMP process.

Categories

(Core :: Security: Process Sandboxing, defect)

x86_64
Windows 7
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: bobowen, Unassigned)

Details

(Keywords: meta)

Here are the mitigations I was talking about in the meeting:
http://dxr.mozilla.org/mozilla-central/source/security/sandbox/win/src/security_level.h#140

The ones that can be applied pre-process start-up are applied in BrokerServicesBase::SpawnTarget and the ones applied after process start-up are done as part of TargetServicesBase::LowerToken.

As far as I can tell Chromium is only setting the mitigations here and below:
https://code.google.com/p/chromium/codesearch#chromium/src/content/common/sandbox_win.cc&l=645

It looks like this is for all process types. I'm not sure which of these, if any, might be relevant to us.
Move process sandboxing bugs to their new, separate component. (Sorry for the bugspam; filter on 3c21328c-8cfb-4819-9d88-f6e965067350.)
Component: Security → Security: Process Sandboxing
Depends on: 1121479
Depends on: 1129369
Keywords: meta
Summary: See if any of the Chromium sandbox "process-level mitigations" should be applied to the GMP process. → [Tracking] See if any of the Chromium sandbox "process-level mitigations" should be applied to the GMP process.
We should enable MITIGATION_WIN32K_DISABLE if possible; this would have most likely made http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/ impossible to exploit.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
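Added example, not part of the bug thread or of Mozilla's or Chromium's code: one way to check from outside whether the Win32k lockdown that MITIGATION_WIN32K_DISABLE asks for is actually in effect on a running sandboxed process. It assumes a Windows 10 (1709 or later) host where the `Get-ProcessMitigation` cmdlet is available; the default process name `plugin-container` is an assumption, so pass the name of the process you want to audit.

```powershell
# Added example: audit the Win32k system call lockdown on running processes.
# Assumptions (not from the bug): the target process name, and a Windows
# build that ships the ProcessMitigations module (Get-ProcessMitigation).
param(
    [string]$ProcessName = 'plugin-container'   # hypothetical default; override as needed
)

function Get-Win32kLockdownState {
    param([Parameter(Mandatory)][string]$Name)

    $procs = Get-Process -Name $Name -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Warning "No running process named '$Name'."
        return
    }

    foreach ($p in $procs) {
        try {
            # -Id returns the mitigation state of the live process,
            # not the per-image defaults stored in the registry.
            $m = Get-ProcessMitigation -Id $p.Id -ErrorAction Stop
            $state = [string]$m.SystemCall.DisableWin32kSystemCalls
        }
        catch {
            # The process may have exited or may not be readable from this session.
            $state = "UNKNOWN ($($_.Exception.Message))"
        }

        [pscustomobject]@{
            Name                   = $p.ProcessName
            Id                     = $p.Id
            Win32kSyscallsDisabled = $state
            LockedDown             = ($state -eq 'ON')
        }
    }
}

$report = @(Get-Win32kLockdownState -Name $ProcessName)
$report | Format-Table -AutoSize

# Non-zero exit when any inspected process is not locked down, so the
# check can gate a test run or a deployment validation step.
if ($report | Where-Object { -not $_.LockedDown }) { exit 1 }
```

Run it from a session with enough rights to query the target process; processes it cannot read are reported as UNKNOWN and count as not locked down.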