Chromium Code Reviews

Unified Diff: sandbox/win/src/window.cc

Issue 186483005: Don't modify the alternate winstation DACL (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 10 months ago
Index: sandbox/win/src/window.cc
diff --git a/sandbox/win/src/window.cc b/sandbox/win/src/window.cc
index a448b59f54ddef8050979a30c624b731cc76716a..b8d6358064754476bd14c430fd5480750f5283c4 100644
--- a/sandbox/win/src/window.cc
+++ b/sandbox/win/src/window.cc
@@ -48,20 +48,8 @@ ResultCode CreateAltWindowStation(HWINSTA* winsta) {
*winsta = ::CreateWindowStationW(NULL, 0, WINSTA_ALL_ACCESS, &attributes);
LocalFree(attributes.lpSecurityDescriptor);
- if (*winsta) {
- // Replace the DACL on the new Winstation with a reduced privilege version.
- // We can soft fail on this for now, as it's just an extra mitigation.
- static const ACCESS_MASK kWinstaDenyMask = DELETE | WRITE_DAC |
- WRITE_OWNER |
- WINSTA_ACCESSCLIPBOARD |
- WINSTA_CREATEDESKTOP |
- WINSTA_ENUMDESKTOPS |
- WINSTA_ENUMERATE |
- WINSTA_EXITWINDOWS;
- AddKnownSidToObject(*winsta, SE_WINDOW_OBJECT, Sid(WinRestrictedCodeSid),
- DENY_ACCESS, kWinstaDenyMask);
+ if (*winsta)
return SBOX_ALL_OK;
- }
return SBOX_ERROR_CANNOT_CREATE_WINSTATION;
}
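
Review bot: The removal under `if (*winsta)` drops the `DENY_ACCESS` ACE for `WinRestrictedCodeSid` (covering `WRITE_DAC`, `WRITE_OWNER`, `WINSTA_ACCESSCLIPBOARD` and the rest of `kWinstaDenyMask`) and leaves no comment explaining why the window station DACL is now kept exactly as created from `attributes`. The deleted comment described this as an extra mitigation, so please add a short comment above the new `if (*winsta)` saying why the DACL must not be modified here and whether the security descriptor passed to `CreateWindowStationW` is expected to restrict that SID, so a later change does not reintroduce the edit or assume the deny entries still exist. If `AddKnownSidToObject` has no other caller with `SE_WINDOW_OBJECT` after this change, it is also worth checking whether any include or helper in this file has become unused.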