
Side by Side Diff: sandbox/src/target_process.cc

Issue 9834065: Revert 128016 - Make sandbox explicitly block opening broker and sandboxed processes (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
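--- a/sandbox/src/target_process.cc
+++ b/sandbox/src/target_process.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/src/target_process.h"
 
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/win/pe_image.h"
 #include "sandbox/src/crosscall_server.h"
@@ -134,43 +134,42 @@
 if (shared_section_)
 ::CloseHandle(shared_section_);
 free(exe_name_);
 }
 
 // Creates the target (child) process suspended and assigns it to the job
 // object.
 DWORD TargetProcess::Create(const wchar_t* exe_path,
 const wchar_t* command_line,
 const wchar_t* desktop,
-PSECURITY_ATTRIBUTES security_attributes,
 PROCESS_INFORMATION* target_info) {
 exe_name_ = _wcsdup(exe_path);
 
 // the command line needs to be writable by CreateProcess().
 scoped_ptr_malloc<wchar_t> cmd_line(_wcsdup(command_line));
 scoped_ptr_malloc<wchar_t> desktop_name(desktop ? _wcsdup(desktop) : NULL);
 
 // Start the target process suspended.
 const DWORD flags = CREATE_SUSPENDED | CREATE_BREAKAWAY_FROM_JOB |
 CREATE_UNICODE_ENVIRONMENT | DETACHED_PROCESS;
 
 STARTUPINFO startup_info = {sizeof(STARTUPINFO)};
 if (desktop) {
 startup_info.lpDesktop = desktop_name.get();
 }
 
 PROCESS_INFORMATION process_info = {0};
 
 if (!::CreateProcessAsUserW(lockdown_token_,
 exe_path,
 cmd_line.get(),
-security_attributes,
+NULL, // No security attribute.
 NULL, // No thread attribute.
 FALSE, // Do not inherit handles.
 flags,
 NULL, // Use the environment of the caller.
 NULL, // Use current directory of the caller.
 &startup_info,
 &process_info)) {
 return ::GetLastError();
 }
 
@@ -344,10 +343,10 @@
 
 
 TargetProcess* MakeTestTargetProcess(HANDLE process, HMODULE base_address) {
 TargetProcess* target = new TargetProcess(NULL, NULL, NULL, NULL);
 target->sandbox_process_ = process;
 target->base_address_ = base_address;
 return target;
 }
 
 } // namespace sandbox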
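Review bot: The restored `NULL, // No security attribute.` argument to `::CreateProcessAsUserW` in `TargetProcess::Create` gives the target process object a default security descriptor again, and the comment does not say this is a deliberate rollback of the hardening named in the issue title. I would expand it to something like `NULL,  // Default process security descriptor; explicit attributes from revision 128016 were reverted.` so a later reader does not mistake the NULL for an oversight or assume the process object is still locked down. Separately, in the unchanged context, `exe_name_ = _wcsdup(exe_path);` overwrites any earlier value without freeing it, and neither that result nor `cmd_line` is checked for NULL before use. Whether `Create()` can run twice on one object is not visible here, since its body continues into the skipped lines.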