Chromium Code Reviews
DescriptionAdded a policy option to restrict the default DACL for tokens.
This patch modified the way the default DACL is calculated for new restricted
tokens to remove certain rights. This blocks processes being able to open
other processes at the same or lower security level.
BUG=596862
Committed: https://crrev.com/cfcbe0af3076ba9c23d65bbc92d63e74c7188759
Cr-Commit-Position: refs/heads/master@{#384522}
Patch Set 1 #
Total comments: 4
Patch Set 2 : Fixed nits and added integration test. #Patch Set 3 : Moved integration test to a more suitable place. #Patch Set 4 : Initialize lockdown default dacl value #Patch Set 5 : Reverted sandbox_win changes #Patch Set 6 : Added access mask to open process test #
Dependent Patchsets: Messages
Total messages: 16 (6 generated)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||