Make event and mutexes created by SetupSingleton accessible to everyone.

chrome/installer/setup/setup_singleton.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/installer/setup/setup_singleton.h"
 
 #include <functional>
 #include <utility>
 
 #include "base/files/file_path.h"
@@ skipping 25 matching lines @@
   SETUP_SINGLETON_ACQUISITION_EXIT_EVENT_MUTEX_CREATION_FAILED = 5,
   SETUP_SINGLETON_ACQUISITION_RESULT_COUNT,
 };
 
 void RecordSetupSingletonAcquisitionResultHistogram(
     SetupSingletonAcquisitionResult result) {
   UMA_HISTOGRAM_ENUMERATION("Setup.Install.SingletonAcquisitionResult", result,
                             SETUP_SINGLETON_ACQUISITION_RESULT_COUNT);
 }
 
+// Initializes |security_attributes| and |security_descriptor| so that a handle
+// created using |security_attributes| is accessible to everyone.
+// |security_descriptor| must outlive |security_attributes|.
+void InitializeAllAccessSecurityAttributes(
+    SECURITY_ATTRIBUTES* security_attributes,
+    SECURITY_DESCRIPTOR* security_descriptor) {
+  DCHECK(security_attributes);
+  DCHECK(security_descriptor);
+
+  const BOOL initialize_security_descriptor_result =
+      ::InitializeSecurityDescriptor(security_descriptor,
+                                     SECURITY_DESCRIPTOR_REVISION);
+  DCHECK(initialize_security_descriptor_result);
+  // A nullptr DACL allows access to everyone.

[grt (UTC plus 2), 2016/10/03 07:49:00]

i don't think it's a good idea to allow any process access. authenticated users
is a bit better (SECURITY_NT_AUTHORITY + SECURITY_AUTHENTICATED_USER_RID).

+  const BOOL set_security_descriptor_dacl_result =
+      ::SetSecurityDescriptorDacl(security_descriptor, TRUE, nullptr, TRUE);
+  DCHECK(set_security_descriptor_dacl_result);
+
+  security_attributes->nLength = sizeof(*security_attributes);
+  security_attributes->lpSecurityDescriptor = security_descriptor;
+  security_attributes->bInheritHandle = FALSE;
+}
+
 }  // namespace
 
 std::unique_ptr<SetupSingleton> SetupSingleton::Acquire(
     const base::CommandLine& command_line,
     const MasterPreferences& master_preferences,
     InstallationState* original_state,
     InstallerState* installer_state) {
   DCHECK(original_state);
   DCHECK(installer_state);
 
   const base::string16 sync_primitive_name_suffix(
       base::SizeTToString16(std::hash<base::FilePath::StringType>()(
           installer_state->target_path().value())));
 
+  // The event and mutexes created by this method have security attributes that
+  // allow access to everyone. This means that a non-elevated installer can
+  // access the event and mutexes created by an elevated installer.
+  SECURITY_DESCRIPTOR security_descriptor;
+  SECURITY_ATTRIBUTES security_attributes;
+  InitializeAllAccessSecurityAttributes(&security_attributes,
+                                        &security_descriptor);
+
   base::win::ScopedHandle setup_mutex(::CreateMutex(
-      nullptr, FALSE,
+      &security_attributes, FALSE,
       (L"Global\\ChromeSetupMutex_" + sync_primitive_name_suffix).c_str()));
   if (!setup_mutex.IsValid()) {
     RecordSetupSingletonAcquisitionResultHistogram(
         SETUP_SINGLETON_ACQUISITION_SETUP_MUTEX_CREATION_FAILED);
     return nullptr;
   }
 
   base::win::ScopedHandle exit_event(::CreateEvent(
-      nullptr, TRUE, FALSE,
+      &security_attributes, TRUE, FALSE,
       (L"Global\\ChromeSetupExitEvent_" + sync_primitive_name_suffix).c_str()));
   if (!exit_event.IsValid()) {
     RecordSetupSingletonAcquisitionResultHistogram(
         SETUP_SINGLETON_ACQUISITION_EXIT_EVENT_CREATION_FAILED);
     return nullptr;
   }
 
   auto setup_singleton = base::WrapUnique(
       new SetupSingleton(std::move(setup_mutex), std::move(exit_event)));
 
   {
     // Acquire a mutex to ensure that a single call to SetupSingleton::Acquire()
     // signals |exit_event_| and waits for |setup_mutex_| to be released at a
     // time.
     base::win::ScopedHandle exit_event_mutex(::CreateMutex(
-        nullptr, FALSE,
+        &security_attributes, FALSE,
         (L"Global\\ChromeSetupExitEventMutex_" + sync_primitive_name_suffix)
             .c_str()));
     if (!exit_event_mutex.IsValid()) {
       RecordSetupSingletonAcquisitionResultHistogram(
           SETUP_SINGLETON_ACQUISITION_EXIT_EVENT_MUTEX_CREATION_FAILED);
       return nullptr;
     }
 
     ScopedHoldMutex scoped_hold_exit_event_mutex;
     if (!scoped_hold_exit_event_mutex.Acquire(exit_event_mutex.Get())) {
@@ skipping 58 matching lines @@
   return false;
 }
 
 SetupSingleton::SetupSingleton(base::win::ScopedHandle setup_mutex,
                                base::win::ScopedHandle exit_event)
     : setup_mutex_(std::move(setup_mutex)), exit_event_(std::move(exit_event)) {
   DCHECK(setup_mutex_.IsValid());
 }
 
 }  // namespace installer