Chromium Code Reviews Chromium Code Reviews
Issue 1405093013:
win: Lower integrity level of connection pipe (Closed)
Base URL: https://chromium.googlesource.com/crashpad/crashpad@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Crashpad Authors. All rights reserved. | 1 // Copyright 2015 The Crashpad Authors. All rights reserved. |
| 2 // | 2 // |
| 3 // Licensed under the Apache License, Version 2.0 (the "License"); | 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 // you may not use this file except in compliance with the License. | 4 // you may not use this file except in compliance with the License. |
| 5 // You may obtain a copy of the License at | 5 // You may obtain a copy of the License at |
| 6 // | 6 // |
| 7 // http://www.apache.org/licenses/LICENSE-2.0 | 7 // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 // | 8 // |
| 9 // Unless required by applicable law or agreed to in writing, software | 9 // Unless required by applicable law or agreed to in writing, software |
| 10 // distributed under the License is distributed on an "AS IS" BASIS, | 10 // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 // See the License for the specific language governing permissions and | 12 // See the License for the specific language governing permissions and |
| 13 // limitations under the License. | 13 // limitations under the License. |
| 14 | 14 |
| 15 #include "util/win/exception_handler_server.h" | 15 #include "util/win/exception_handler_server.h" |
| 16 | 16 |
| 17 #include <sddl.h> | |
| 17 #include <string.h> | 18 #include <string.h> |
| 18 | 19 |
| 19 #include "base/logging.h" | 20 #include "base/logging.h" |
| 20 #include "base/numerics/safe_conversions.h" | 21 #include "base/numerics/safe_conversions.h" |
| 21 #include "base/rand_util.h" | 22 #include "base/rand_util.h" |
| 22 #include "base/strings/stringprintf.h" | 23 #include "base/strings/stringprintf.h" |
| 23 #include "base/strings/utf_string_conversions.h" | 24 #include "base/strings/utf_string_conversions.h" |
| 24 #include "minidump/minidump_file_writer.h" | 25 #include "minidump/minidump_file_writer.h" |
| 25 #include "snapshot/crashpad_info_client_options.h" | 26 #include "snapshot/crashpad_info_client_options.h" |
| 26 #include "snapshot/win/process_snapshot_win.h" | 27 #include "snapshot/win/process_snapshot_win.h" |
| 27 #include "util/file/file_writer.h" | 28 #include "util/file/file_writer.h" |
| 28 #include "util/misc/tri_state.h" | 29 #include "util/misc/tri_state.h" |
| 29 #include "util/misc/uuid.h" | 30 #include "util/misc/uuid.h" |
| 30 #include "util/win/get_function.h" | 31 #include "util/win/get_function.h" |
| 31 #include "util/win/handle.h" | 32 #include "util/win/handle.h" |
| 32 #include "util/win/registration_protocol_win.h" | 33 #include "util/win/registration_protocol_win.h" |
| 34 #include "util/win/scoped_local_free.h" | |
| 33 #include "util/win/xp_compat.h" | 35 #include "util/win/xp_compat.h" |
| 34 | 36 |
| 35 namespace crashpad { | 37 namespace crashpad { |
| 36 | 38 |
| 37 namespace { | 39 namespace { |
| 38 | 40 |
| 39 // We create two pipe instances, so that there's one listening while the | 41 // We create two pipe instances, so that there's one listening while the |
| 40 // PipeServiceProc is processing a registration. | 42 // PipeServiceProc is processing a registration. |
| 41 const size_t kPipeInstances = 2; | 43 const size_t kPipeInstances = 2; |
| 42 | 44 |
| 43 // Wraps CreateNamedPipe() to create a single named pipe instance. | 45 // Wraps CreateNamedPipe() to create a single named pipe instance. |
| 44 // | 46 // |
| 45 // If first_instance is true, the named pipe instance will be created with | 47 // If first_instance is true, the named pipe instance will be created with |
| 46 // FILE_FLAG_FIRST_PIPE_INSTANCE. This ensures that the the pipe name is not | 48 // FILE_FLAG_FIRST_PIPE_INSTANCE. This ensures that the the pipe name is not |
| 47 // already in use when created. | 49 // already in use when created. The first instance will be created with an |
| 50 // untrusted integrity SACL so instances of this pipe can be connected to by | |
| 51 // processes of any integrity level. | |
| 48 HANDLE CreateNamedPipeInstance(const std::wstring& pipe_name, | 52 HANDLE CreateNamedPipeInstance(const std::wstring& pipe_name, |
| 49 bool first_instance) { | 53 bool first_instance) { |
| 50 return CreateNamedPipe(pipe_name.c_str(), | 54 SECURITY_ATTRIBUTES security_attributes = {0}; |
|
Mark Mentovai
2015/11/06 14:55:48
Can you defer the = {} until you’re sure we’re goi
scottmg
2015/11/06 18:03:30
Done.
| |
| 51 PIPE_ACCESS_DUPLEX | | 55 SECURITY_ATTRIBUTES* security_attributes_pointer = nullptr; |
| 52 (first_instance ? FILE_FLAG_FIRST_PIPE_INSTANCE | 56 ScopedLocalFree scoped_sec_desc; |
| 53 : 0), | 57 |
| 54 PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, | 58 if (first_instance) { |
| 55 kPipeInstances, | 59 // Pre-Vista does not have integrity levels. |
| 56 512, | 60 const DWORD version = GetVersion(); |
| 57 512, | 61 const DWORD major_version = LOBYTE(LOWORD(version)); |
| 58 0, | 62 const bool is_vista_or_later = major_version >= 6; |
| 59 nullptr); | 63 if (is_vista_or_later) { |
| 64 // Mandatory Label, no ACE flags, no ObjectType, integrity level | |
| 65 // untrusted. | |
| 66 const wchar_t kSddl[] = L"S:(ML;;;;;S-1-16-0)"; | |
| 67 | |
| 68 PSECURITY_DESCRIPTOR sec_desc = nullptr; | |
|
Mark Mentovai
2015/11/06 14:55:48
No need to initialize.
scottmg
2015/11/06 18:03:30
Done.
| |
| 69 PCHECK(ConvertStringSecurityDescriptorToSecurityDescriptor( | |
|
Mark Mentovai
2015/11/06 14:55:48
Do we need to add -ladvapi32.lib or do we get that
scottmg
2015/11/06 18:03:30
Done.
| |
| 70 kSddl, SDDL_REVISION_1, &sec_desc, nullptr)) | |
| 71 << "ConvertStringSecurityDescriptorToSecurityDescriptor"; | |
| 72 | |
| 73 // Take ownership of the allocated SECURITY_DESCRIPTOR. | |
| 74 scoped_sec_desc.reset(sec_desc); | |
| 75 | |
| 76 security_attributes.nLength = sizeof(SECURITY_ATTRIBUTES); | |
| 77 security_attributes.lpSecurityDescriptor = sec_desc; | |
| 78 security_attributes.bInheritHandle = FALSE; | |
| 79 security_attributes_pointer = &security_attributes; | |
| 80 } | |
| 81 } | |
| 82 | |
| 83 return CreateNamedPipe( | |
| 84 pipe_name.c_str(), | |
| 85 PIPE_ACCESS_DUPLEX | (first_instance ? FILE_FLAG_FIRST_PIPE_INSTANCE : 0), | |
| 86 PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, | |
| 87 kPipeInstances, | |
| 88 512, | |
| 89 512, | |
| 90 0, | |
| 91 security_attributes_pointer); | |
| 60 } | 92 } |
| 61 | 93 |
| 62 decltype(GetNamedPipeClientProcessId)* GetNamedPipeClientProcessIdFunction() { | 94 decltype(GetNamedPipeClientProcessId)* GetNamedPipeClientProcessIdFunction() { |
| 63 static const auto get_named_pipe_client_process_id = | 95 static const auto get_named_pipe_client_process_id = |
| 64 GET_FUNCTION(L"kernel32.dll", ::GetNamedPipeClientProcessId); | 96 GET_FUNCTION(L"kernel32.dll", ::GetNamedPipeClientProcessId); |
| 65 return get_named_pipe_client_process_id; | 97 return get_named_pipe_client_process_id; |
| 66 } | 98 } |
| 67 | 99 |
| 68 HANDLE DuplicateEvent(HANDLE process, HANDLE event) { | 100 HANDLE DuplicateEvent(HANDLE process, HANDLE event) { |
| 69 HANDLE handle; | 101 HANDLE handle; |
| (...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 313 } | 345 } |
| 314 | 346 |
| 315 void ExceptionHandlerServer::Run(Delegate* delegate) { | 347 void ExceptionHandlerServer::Run(Delegate* delegate) { |
| 316 uint64_t shutdown_token = base::RandUint64(); | 348 uint64_t shutdown_token = base::RandUint64(); |
| 317 ScopedKernelHANDLE thread_handles[kPipeInstances]; | 349 ScopedKernelHANDLE thread_handles[kPipeInstances]; |
| 318 for (int i = 0; i < arraysize(thread_handles); ++i) { | 350 for (int i = 0; i < arraysize(thread_handles); ++i) { |
| 319 HANDLE pipe; | 351 HANDLE pipe; |
| 320 if (first_pipe_instance_.is_valid()) { | 352 if (first_pipe_instance_.is_valid()) { |
| 321 pipe = first_pipe_instance_.release(); | 353 pipe = first_pipe_instance_.release(); |
| 322 } else { | 354 } else { |
| 323 pipe = CreateNamedPipeInstance(pipe_name_, false); | 355 pipe = CreateNamedPipeInstance(pipe_name_, i == 0); |
| 324 PCHECK(pipe != INVALID_HANDLE_VALUE) << "CreateNamedPipe"; | 356 PCHECK(pipe != INVALID_HANDLE_VALUE) << "CreateNamedPipe"; |
| 325 } | 357 } |
| 326 | 358 |
| 327 // Ownership of this object (and the pipe instance) is given to the new | 359 // Ownership of this object (and the pipe instance) is given to the new |
| 328 // thread. We close the thread handles at the end of the scope. They clean | 360 // thread. We close the thread handles at the end of the scope. They clean |
| 329 // up the context object and the pipe instance on termination. | 361 // up the context object and the pipe instance on termination. |
| 330 internal::PipeServiceContext* context = | 362 internal::PipeServiceContext* context = |
| 331 new internal::PipeServiceContext(port_.get(), | 363 new internal::PipeServiceContext(port_.get(), |
| 332 pipe, | 364 pipe, |
| 333 delegate, | 365 delegate, |
| (...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 561 void __stdcall ExceptionHandlerServer::OnProcessEnd(void* ctx, BOOLEAN) { | 593 void __stdcall ExceptionHandlerServer::OnProcessEnd(void* ctx, BOOLEAN) { |
| 562 // This function is executed on the thread pool. | 594 // This function is executed on the thread pool. |
| 563 internal::ClientData* client = reinterpret_cast<internal::ClientData*>(ctx); | 595 internal::ClientData* client = reinterpret_cast<internal::ClientData*>(ctx); |
| 564 base::AutoLock lock(*client->lock()); | 596 base::AutoLock lock(*client->lock()); |
| 565 | 597 |
| 566 // Post back to the main thread to have it delete this client record. | 598 // Post back to the main thread to have it delete this client record. |
| 567 PostQueuedCompletionStatus(client->port(), 0, ULONG_PTR(client), nullptr); | 599 PostQueuedCompletionStatus(client->port(), 0, ULONG_PTR(client), nullptr); |
| 568 } | 600 } |
| 569 | 601 |
| 570 } // namespace crashpad | 602 } // namespace crashpad |
| OLD | NEW |
