Update TargetNtSetInformationThread to match chromium and hook NtImpersonateAnonymousToken to block before LowerToken
Categories: Core :: Security: Process Sandboxing, enhancement, P1

Tracking | Status
---|---
firefox117 | fixed

People: Reporter: bobowen, Assigned: bobowen

Attachments: 2 files
We have an older version of the chromium process sandbox code for the NtSetInformationThread hook TargetNtSetInformationThread.

There is some suspicion that this older version might be causing us to have an incorrect impersonation token in some circumstances, which might be causing bug 1825290.

We have this older version because we use non-restricted tokens when we are running from a network drive, because they automatically block access and our DLLs fail to load. This means that during CoInitializeSecurity a call to NtImpersonateAnonymousToken is not blocked like it is for restricted tokens, and without the older TargetNtSetInformationThread code we block the call that sets our impersonation token back on the main thread.

This is all a bit fortunate, because the RevertToSelf call that is supposed to revert the anonymous logon token in CoInitializeSecurity fails and it is only because there is a later call to resume the impersonation further up the stack that saves us.

A better solution should be to block NtImpersonateAnonymousToken before LowerToken is called in the same way that it is with a restricted token. We can then have the latest version of TargetNtSetInformationThread, which blocks all impersonation token sets.
Comment 1 (Assignee) • 11 months ago
This also reverts the change to TargetNtSetInformationThread.
Comment 2 (Assignee) • 11 months ago
Depends on D181611
Comment 3 (Assignee) • 11 months ago

Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/429ad02d111c p1: Hook NtImpersonateAnonymousToken to block before LowerToken. r=handyman
https://hg.mozilla.org/integration/autoland/rev/3afcc1296ba1 p2: Add TargetNtImpersonateAnonymousToken and remove TargetNtSetInformationThread patch. r=handyman
Comment 5 • 11 months ago

bugherder:
https://hg.mozilla.org/mozilla-central/rev/429ad02d111c
https://hg.mozilla.org/mozilla-central/rev/3afcc1296ba1