Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(792)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 10690058: Add sandbox support for Windows process mitigations (Closed)

Created:
8 years, 5 months ago by jschuh
Modified:
8 years, 3 months ago
CC:
chromium-reviews
Base URL:
https://src.chromium.org/svn/trunk/src/
Visibility:
Public.

Description

Add sandbox support for Windows process mitigations BUG=147752 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=156657

Patch Set 1 : #

Patch Set 2 : #

Patch Set 3 : #

Total comments: 4

Patch Set 4 : #

Patch Set 5 : #

Patch Set 6 : #

Patch Set 7 : #

Patch Set 8 : #

Patch Set 9 : #

Patch Set 10 : #

Patch Set 11 : #

Patch Set 12 : #

Patch Set 13 : #

Patch Set 14 : #

Patch Set 15 : #

Patch Set 16 : #

Patch Set 17 : #

Total comments: 10

Patch Set 18 : #

Total comments: 17

Patch Set 19 : #

Total comments: 35

Patch Set 20 : #

Patch Set 21 : #

Patch Set 22 : #

Patch Set 23 : #

Patch Set 24 : #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+785 lines, -318 lines) Patch
M content/app/startup_helper_win.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2 chunks +7 lines, -6 lines 0 comments Download
M content/common/sandbox_policy.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 3 chunks +23 lines, -1 line 0 comments Download
M content/public/test/browser_test_base.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +0 lines, -1 line 0 comments Download
M content/public/test/test_launcher.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +0 lines, -1 line 0 comments Download
M sandbox/win/sandbox_win.gypi View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 4 chunks +3 lines, -3 lines 0 comments Download
M sandbox/win/src/broker_services.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2 chunks +31 lines, -6 lines 0 comments Download
D sandbox/win/src/dep.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +0 lines, -25 lines 0 comments Download
D sandbox/win/src/dep.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +0 lines, -89 lines 0 comments Download
D sandbox/win/src/dep_test.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +0 lines, -158 lines 0 comments Download
M sandbox/win/src/nt_internals.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 4 chunks +12 lines, -4 lines 0 comments Download
A sandbox/win/src/process_mitigations.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 1 chunk +44 lines, -0 lines 1 comment Download
A sandbox/win/src/process_mitigations.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +321 lines, -0 lines 0 comments Download
A sandbox/win/src/process_mitigations_test.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 1 chunk +203 lines, -0 lines 0 comments Download
M sandbox/win/src/sandbox_policy.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +16 lines, -0 lines 0 comments Download
M sandbox/win/src/sandbox_policy_base.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2 chunks +7 lines, -0 lines 0 comments Download
M sandbox/win/src/sandbox_policy_base.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 6 chunks +46 lines, -0 lines 0 comments Download
M sandbox/win/src/sandbox_types.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2 chunks +4 lines, -1 line 0 comments Download
M sandbox/win/src/security_level.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +58 lines, -0 lines 1 comment Download
M sandbox/win/src/target_process.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 2 chunks +0 lines, -23 lines 0 comments Download
M sandbox/win/src/target_services.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 3 chunks +6 lines, -0 lines 0 comments Download
M sandbox/win/tests/common/controller.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 1 chunk +4 lines, -0 lines 0 comments Download

Messages

Total messages: 20 (0 generated)
jschuh
For this pass I don't think there's any need to add the attributes vector. So, ...
8 years, 5 months ago (2012-06-30 23:49:50 UTC) #1
cpu_(ooo_6.6-7.5)
http://codereview.chromium.org/10690058/diff/11003/sandbox/src/target_process.cc File sandbox/src/target_process.cc (right): http://codereview.chromium.org/10690058/diff/11003/sandbox/src/target_process.cc#newcode72 sandbox/src/target_process.cc:72: startup_info_.StartupInfo.cb = sizeof(STARTUPINFOEX); sizeof(startup_info_) http://codereview.chromium.org/10690058/diff/11003/sandbox/src/target_process.cc#newcode119 sandbox/src/target_process.cc:119: PVOID value, PVOID ...
8 years, 5 months ago (2012-07-02 21:42:32 UTC) #2
jschuh
Have at it. :)
8 years, 3 months ago (2012-09-05 20:55:28 UTC) #3
cpu_(ooo_6.6-7.5)
more to come, but you can start mulling these ones. http://codereview.chromium.org/10690058/diff/40051/sandbox/win/src/broker_services.cc File sandbox/win/src/broker_services.cc (right): http://codereview.chromium.org/10690058/diff/40051/sandbox/win/src/broker_services.cc#newcode354 ...
8 years, 3 months ago (2012-09-06 19:46:15 UTC) #4
jschuh
http://codereview.chromium.org/10690058/diff/40051/sandbox/win/src/broker_services.cc File sandbox/win/src/broker_services.cc (right): http://codereview.chromium.org/10690058/diff/40051/sandbox/win/src/broker_services.cc#newcode354 sandbox/win/src/broker_services.cc:354: #endif On 2012/09/06 19:46:15, cpu wrote: > this would ...
8 years, 3 months ago (2012-09-07 01:14:22 UTC) #5
cpu_(ooo_6.6-7.5)
lgtm http://codereview.chromium.org/10690058/diff/45032/content/app/startup_helper_win.cc File content/app/startup_helper_win.cc (right): http://codereview.chromium.org/10690058/diff/45032/content/app/startup_helper_win.cc#newcode43 content/app/startup_helper_win.cc:43: // Ensure the proper mitigations are enforced for ...
8 years, 3 months ago (2012-09-07 19:22:55 UTC) #6
jschuh
https://chromiumcodereview.appspot.com/10690058/diff/45032/content/app/startup_helper_win.cc File content/app/startup_helper_win.cc (right): https://chromiumcodereview.appspot.com/10690058/diff/45032/content/app/startup_helper_win.cc#newcode43 content/app/startup_helper_win.cc:43: // Ensure the proper mitigations are enforced for the ...
8 years, 3 months ago (2012-09-07 20:23:14 UTC) #7
rvargas (doing something else)
Mostly nits. http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/broker_services.cc File sandbox/win/src/broker_services.cc (right): http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/broker_services.cc#newcode335 sandbox/win/src/broker_services.cc:335: return SBOX_ERROR_GENERIC; Use a specific error code ...
8 years, 3 months ago (2012-09-08 02:23:32 UTC) #8
Peter Kasting
Drive-by: Please add a BUG= link and if possible a more descriptive... uh... description.
8 years, 3 months ago (2012-09-09 02:59:45 UTC) #9
jschuh
Okay, did a little bit of shuffling. Responses inline. http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/broker_services.cc File sandbox/win/src/broker_services.cc (right): http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/broker_services.cc#newcode335 sandbox/win/src/broker_services.cc:335: ...
8 years, 3 months ago (2012-09-10 23:58:48 UTC) #10
jschuh
@jam - If you want to take a look at the content changes please go ...
8 years, 3 months ago (2012-09-11 04:38:53 UTC) #11
jam
lgtm
8 years, 3 months ago (2012-09-11 15:43:23 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jschuh@chromium.org/10690058/50042
8 years, 3 months ago (2012-09-12 02:26:31 UTC) #13
commit-bot: I haz the power
Presubmit check for 10690058-50042 failed and returned exit status 1. Running presubmit commit checks ...
8 years, 3 months ago (2012-09-12 02:26:39 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jschuh@chromium.org/10690058/39071
8 years, 3 months ago (2012-09-13 00:13:51 UTC) #15
commit-bot: I haz the power
Can't process patch for file sandbox/win/src/process_mitigations.cc. Diff seems corrupted.
8 years, 3 months ago (2012-09-13 00:13:54 UTC) #16
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jschuh@chromium.org/10690058/46057
8 years, 3 months ago (2012-09-13 00:20:33 UTC) #17
commit-bot: I haz the power
Presubmit check for 10690058-46057 failed and returned exit status 1. Running presubmit commit checks ...
8 years, 3 months ago (2012-09-13 00:20:46 UTC) #18
rvargas (doing something else)
http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/process_mitigations_test.cc File sandbox/win/src/process_mitigations_test.cc (right): http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/process_mitigations_test.cc#newcode99 sandbox/win/src/process_mitigations_test.cc:99: if (!CheckWin8AslrPolicy()) On 2012/09/10 23:58:48, Justin Schuh wrote: > ...
8 years, 3 months ago (2012-09-13 19:15:26 UTC) #19
jschuh
8 years, 3 months ago (2012-09-13 20:27:25 UTC) #20 
Rick and I talked in person and cleared up some confusion. He's good with
landing the API as is now, and finishing off the mitigation tightening work.
After that I'm going to refactor the API a bit to better hide the internal guts.

On 2012/09/13 19:15:26, rvargas wrote:
>
http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/process_mi...
> File sandbox/win/src/process_mitigations_test.cc (right):
> 
>
http://codereview.chromium.org/10690058/diff/41066/sandbox/win/src/process_mi...
> sandbox/win/src/process_mitigations_test.cc:99: if (!CheckWin8AslrPolicy())
> On 2012/09/10 23:58:48, Justin Schuh wrote:
> > On 2012/09/08 02:23:32, rvargas wrote:
> > > Did you considered just writing independent tests? As an added bonus,
> failures
> > > will be clear on the bots.
> > 
> > Yeah, but given the ever-increasing flakiness of the bots I feel better
about
> > spawning fewer processes if they're not needed.
> 
> That's the wrong way to look at it. The cause of flakiness should be addressed
> by itself... and a single flake on this test will disable all test at the same
> time :(
> 
> As a general rule, test should be as small and specific as reasonable.
> 
>
http://codereview.chromium.org/10690058/diff/49105/sandbox/win/src/process_mi...
> File sandbox/win/src/process_mitigations.h (right):
> 
>
http://codereview.chromium.org/10690058/diff/49105/sandbox/win/src/process_mi...
> sandbox/win/src/process_mitigations.h:28: DWORD64* policy_flags, size_t*
size);
> This is a weird API because it asks for a specific size (DWORD64) and then
> returns a size :(.
> 
>
http://codereview.chromium.org/10690058/diff/49105/sandbox/win/src/security_l...
> File sandbox/win/src/security_level.h (right):
> 
>
http://codereview.chromium.org/10690058/diff/49105/sandbox/win/src/security_l...
> sandbox/win/src/security_level.h:137: const MitigationFlags MITIGATION_DEP    
 
>                        = 0x00000001;
> I'm sorry to insist on this one, but please use an enum instead of a bunch of
> consts. And don't jump to 64 bits until we actually need that (if we ever use
> all lower bits).

Powered by Google App Engine
This is Rietveld 408576698