зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1434282: Use MITIGATION_IMAGE_LOAD_NO_REMOTE/LOW_LABEL for all sandboxed child processes. r=handyman
When running from a network drive we have to remove these mitigations, otherwise the loading of our own DLLs will fail. This also removes the custom mitigations list for the WMF CDM utility sandbox, because the only difference was MITIGATION_IMAGE_LOAD_PREFER_SYS32, which should not cause any issues. Depends on D182486 Differential Revision: https://phabricator.services.mozilla.com/D182561
This commit is contained in:
Родитель
9ac9110ed8
Коммит
04a22e2232
|
@ -277,6 +277,18 @@ Result<Ok, mozilla::ipc::LaunchError> SandboxBroker::LaunchApp(
|
|||
mPolicy->SetStdoutHandle(::GetStdHandle(STD_OUTPUT_HANDLE));
|
||||
mPolicy->SetStderrHandle(::GetStdHandle(STD_ERROR_HANDLE));
|
||||
|
||||
// If we're running from a network drive then we can't block loading from
|
||||
// remote locations. Strangely using MITIGATION_IMAGE_LOAD_NO_LOW_LABEL in
|
||||
// this situation also means the process fails to start (bug 1423296).
|
||||
if (sRunningFromNetworkDrive) {
|
||||
sandbox::MitigationFlags mitigations = mPolicy->GetProcessMitigations();
|
||||
mitigations &= ~(sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL);
|
||||
MOZ_RELEASE_ASSERT(
|
||||
mPolicy->SetProcessMitigations(mitigations) == sandbox::SBOX_ALL_OK,
|
||||
"Setting the reduced set of flags should always succeed");
|
||||
}
|
||||
|
||||
// If logging enabled, set up the policy.
|
||||
if (aEnableLogging) {
|
||||
ApplyLoggingPolicy();
|
||||
|
@ -943,6 +955,8 @@ void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
|
|||
sandbox::MITIGATION_BOTTOM_UP_ASLR | sandbox::MITIGATION_HEAP_TERMINATE |
|
||||
sandbox::MITIGATION_SEHOP | sandbox::MITIGATION_DEP_NO_ATL_THUNK |
|
||||
sandbox::MITIGATION_DEP | sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_PREFER_SYS32;
|
||||
|
||||
#if defined(_M_ARM64)
|
||||
|
@ -952,16 +966,6 @@ void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
|
|||
}
|
||||
#endif
|
||||
|
||||
if (aSandboxLevel > 3) {
|
||||
// If we're running from a network drive then we can't block loading from
|
||||
// remote locations. Strangely using MITIGATION_IMAGE_LOAD_NO_LOW_LABEL in
|
||||
// this situation also means the process fails to start (bug 1423296).
|
||||
if (!sRunningFromNetworkDrive) {
|
||||
mitigations |= sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL;
|
||||
}
|
||||
}
|
||||
|
||||
if (StaticPrefs::security_sandbox_content_shadow_stack_enabled()) {
|
||||
mitigations |= sandbox::MITIGATION_CET_COMPAT_MODE;
|
||||
}
|
||||
|
@ -1184,7 +1188,8 @@ void SandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
|
|||
sandbox::MitigationFlags mitigations =
|
||||
sandbox::MITIGATION_BOTTOM_UP_ASLR | sandbox::MITIGATION_HEAP_TERMINATE |
|
||||
sandbox::MITIGATION_SEHOP | sandbox::MITIGATION_DEP_NO_ATL_THUNK |
|
||||
sandbox::MITIGATION_DEP;
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL | sandbox::MITIGATION_DEP;
|
||||
|
||||
if (StaticPrefs::security_sandbox_gpu_shadow_stack_enabled()) {
|
||||
mitigations |= sandbox::MITIGATION_CET_COMPAT_MODE;
|
||||
|
@ -1290,6 +1295,8 @@ bool SandboxBroker::SetSecurityLevelForRDDProcess() {
|
|||
sandbox::MITIGATION_SEHOP | sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
|
||||
sandbox::MITIGATION_DEP_NO_ATL_THUNK | sandbox::MITIGATION_DEP |
|
||||
sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_PREFER_SYS32;
|
||||
|
||||
if (StaticPrefs::security_sandbox_rdd_shadow_stack_enabled()) {
|
||||
|
@ -1395,6 +1402,8 @@ bool SandboxBroker::SetSecurityLevelForSocketProcess() {
|
|||
sandbox::MITIGATION_SEHOP | sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
|
||||
sandbox::MITIGATION_DEP_NO_ATL_THUNK | sandbox::MITIGATION_DEP |
|
||||
sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_PREFER_SYS32;
|
||||
|
||||
if (StaticPrefs::security_sandbox_socket_shadow_stack_enabled()) {
|
||||
|
@ -1475,6 +1484,8 @@ struct UtilitySandboxProps {
|
|||
sandbox::MITIGATION_SEHOP | sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
|
||||
sandbox::MITIGATION_DEP_NO_ATL_THUNK | sandbox::MITIGATION_DEP |
|
||||
sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_PREFER_SYS32 |
|
||||
sandbox::MITIGATION_CET_COMPAT_MODE;
|
||||
|
||||
|
@ -1548,14 +1559,6 @@ struct UtilityMfMediaEngineCdmSandboxProps : public UtilitySandboxProps {
|
|||
};
|
||||
}
|
||||
mUseWin32kLockdown = false;
|
||||
mInitialMitigations =
|
||||
sandbox::MITIGATION_BOTTOM_UP_ASLR |
|
||||
sandbox::MITIGATION_HEAP_TERMINATE | sandbox::MITIGATION_SEHOP |
|
||||
sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
|
||||
sandbox::MITIGATION_DEP_NO_ATL_THUNK | sandbox::MITIGATION_DEP |
|
||||
sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
|
||||
sandbox::MITIGATION_CET_COMPAT_MODE;
|
||||
|
||||
mDelayedMitigations = sandbox::MITIGATION_DLL_SEARCH_ORDER;
|
||||
}
|
||||
};
|
||||
|
@ -1800,6 +1803,8 @@ bool SandboxBroker::SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
|
|||
sandbox::MITIGATION_BOTTOM_UP_ASLR | sandbox::MITIGATION_HEAP_TERMINATE |
|
||||
sandbox::MITIGATION_SEHOP | sandbox::MITIGATION_EXTENSION_POINT_DISABLE |
|
||||
sandbox::MITIGATION_NONSYSTEM_FONT_DISABLE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_REMOTE |
|
||||
sandbox::MITIGATION_IMAGE_LOAD_NO_LOW_LABEL |
|
||||
sandbox::MITIGATION_DEP_NO_ATL_THUNK | sandbox::MITIGATION_DEP;
|
||||
|
||||
if (StaticPrefs::security_sandbox_gmp_shadow_stack_enabled()) {
|
||||
|
|
Загрузка…
Ссылка в новой задаче