| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sandbox/win/src/process_mitigations.h" | 5 #include "sandbox/win/src/process_mitigations.h" |
| 6 | 6 |
| 7 #include "base/win/windows_version.h" | 7 #include "base/win/windows_version.h" |
| 8 #include "sandbox/win/src/nt_internals.h" | 8 #include "sandbox/win/src/nt_internals.h" |
| 9 #include "sandbox/win/src/sandbox_utils.h" | 9 #include "sandbox/win/src/sandbox_utils.h" |
| 10 #include "sandbox/win/src/win_utils.h" | 10 #include "sandbox/win/src/win_utils.h" |
| (...skipping 173 matching lines...) | |
| 184 else | 184 else |
| 185 *size = sizeof(*policy_flags); | 185 *size = sizeof(*policy_flags); |
| 186 #else | 186 #else |
| 187 #error This platform is not supported. | 187 #error This platform is not supported. |
| 188 #endif | 188 #endif |
| 189 | 189 |
| 190 // Nothing for Win XP or Vista. | 190 // Nothing for Win XP or Vista. |
| 191 if (version <= base::win::VERSION_VISTA) | 191 if (version <= base::win::VERSION_VISTA) |
| 192 return; | 192 return; |
| 193 | 193 |
| 194 // DEP and SEHOP are not valid for 64-bit Windows | |
| 195 #if !defined(_WIN64) | |
|
cpu_(ooo_6.6-7.5)
2013/02/11 19:05:09
I don't like the silent ignore. in sandbox_policy_
jschuh
2013/02/11 21:26:49
But it's ignored because the OS is already enforci
| |
| 194 if (flags & MITIGATION_DEP) { | 196 if (flags & MITIGATION_DEP) { |
| 195 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE; | 197 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE; |
| 196 if (!(flags & MITIGATION_DEP_NO_ATL_THUNK)) | 198 if (!(flags & MITIGATION_DEP_NO_ATL_THUNK)) |
| 197 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE; | 199 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE; |
| 198 } | 200 } |
| 199 | 201 |
| 200 if (flags & MITIGATION_SEHOP) | 202 if (flags & MITIGATION_SEHOP) |
| 201 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE; | 203 *policy_flags |= PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE; |
| 204 #endif | |
| 202 | 205 |
| 203 // Win 7 | 206 // Win 7 |
| 204 if (version < base::win::VERSION_WIN8) | 207 if (version < base::win::VERSION_WIN8) |
| 205 return; | 208 return; |
| 206 | 209 |
| 207 if (flags & MITIGATION_RELOCATE_IMAGE) { | 210 if (flags & MITIGATION_RELOCATE_IMAGE) { |
| 208 *policy_flags |= | 211 *policy_flags |= |
| 209 PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON; | 212 PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON; |
| 210 if (flags & MITIGATION_RELOCATE_IMAGE_REQUIRED) { | 213 if (flags & MITIGATION_RELOCATE_IMAGE_REQUIRED) { |
| 211 *policy_flags |= | 214 *policy_flags |= |
| (...skipping 108 matching lines...) | |
| 320 | 323 |
| 321 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { | 324 bool CanSetProcessMitigationsPreStartup(MitigationFlags flags) { |
| 322 // These mitigations cannot be enabled prior to startup. | 325 // These mitigations cannot be enabled prior to startup. |
| 323 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | | 326 return !(flags & (MITIGATION_STRICT_HANDLE_CHECKS | |
| 324 MITIGATION_WIN32K_DISABLE | | 327 MITIGATION_WIN32K_DISABLE | |
| 325 MITIGATION_DLL_SEARCH_ORDER)); | 328 MITIGATION_DLL_SEARCH_ORDER)); |
| 326 } | 329 } |
| 327 | 330 |
| 328 } // namespace sandbox | 331 } // namespace sandbox |
| 329 | 332 |
| OLD | NEW |
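Review bot: The new `#if !defined(_WIN64)` guard around the DEP and SEHOP blocks (new lines 195-204) tests how this translation unit was compiled, not the architecture of the process that will receive `*policy_flags`. If a 64-bit build can ever launch a 32-bit target, `MITIGATION_DEP` and `MITIGATION_SEHOP` would be dropped for a process where they still matter; the visible lines do not show whether that combination is ruled out elsewhere. The added comment also says "64-bit Windows" where the macro actually distinguishes 64-bit builds, so I would reword it to `// DEP and SEHOP flags only apply to 32-bit processes; this assumes broker and target share a bitness.` The enclosing function begins in the skipped lines, so its name and callers are not visible here.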