Make event and mutexes created by SetupSingleton accessible to everyone.

chrome/installer/setup/setup_singleton.cc

Index: chrome/installer/setup/setup_singleton.cc
diff --git a/chrome/installer/setup/setup_singleton.cc b/chrome/installer/setup/setup_singleton.cc
index b880e618e23c15244ce3b4c2bc7010d09c6a7f76..0fa3202d41eb8e6cb08c6fa6ef6b9b95bc7b254a 100644
--- a/chrome/installer/setup/setup_singleton.cc
+++ b/chrome/installer/setup/setup_singleton.cc
@@ -43,6 +43,29 @@ void RecordSetupSingletonAcquisitionResultHistogram(
                             SETUP_SINGLETON_ACQUISITION_RESULT_COUNT);
 }
 
+// Initializes |security_attributes| and |security_descriptor| so that a handle
+// created using |security_attributes| is accessible to everyone.
+// |security_descriptor| must outlive |security_attributes|.
+void InitializeAllAccessSecurityAttributes(
+    SECURITY_ATTRIBUTES* security_attributes,
+    SECURITY_DESCRIPTOR* security_descriptor) {
+  DCHECK(security_attributes);
+  DCHECK(security_descriptor);
+
+  const BOOL initialize_security_descriptor_result =
+      ::InitializeSecurityDescriptor(security_descriptor,
+                                     SECURITY_DESCRIPTOR_REVISION);
+  DCHECK(initialize_security_descriptor_result);
+  // A nullptr DACL allows access to everyone.

[grt (UTC plus 2), 2016/10/03 07:49:00]

i don't think it's a good idea to allow any process access. authenticated users
is a bit better (SECURITY_NT_AUTHORITY + SECURITY_AUTHENTICATED_USER_RID).

+  const BOOL set_security_descriptor_dacl_result =
+      ::SetSecurityDescriptorDacl(security_descriptor, TRUE, nullptr, TRUE);
+  DCHECK(set_security_descriptor_dacl_result);
+
+  security_attributes->nLength = sizeof(*security_attributes);
+  security_attributes->lpSecurityDescriptor = security_descriptor;
+  security_attributes->bInheritHandle = FALSE;
+}
+
 }  // namespace
 
 std::unique_ptr<SetupSingleton> SetupSingleton::Acquire(
@@ -57,8 +80,16 @@ std::unique_ptr<SetupSingleton> SetupSingleton::Acquire(
       base::SizeTToString16(std::hash<base::FilePath::StringType>()(
           installer_state->target_path().value())));
 
+  // The event and mutexes created by this method have security attributes that
+  // allow access to everyone. This means that a non-elevated installer can
+  // access the event and mutexes created by an elevated installer.
+  SECURITY_DESCRIPTOR security_descriptor;
+  SECURITY_ATTRIBUTES security_attributes;
+  InitializeAllAccessSecurityAttributes(&security_attributes,
+                                        &security_descriptor);
+
   base::win::ScopedHandle setup_mutex(::CreateMutex(
-      nullptr, FALSE,
+      &security_attributes, FALSE,
       (L"Global\\ChromeSetupMutex_" + sync_primitive_name_suffix).c_str()));
   if (!setup_mutex.IsValid()) {
     RecordSetupSingletonAcquisitionResultHistogram(
@@ -67,7 +98,7 @@ std::unique_ptr<SetupSingleton> SetupSingleton::Acquire(
   }
 
   base::win::ScopedHandle exit_event(::CreateEvent(
-      nullptr, TRUE, FALSE,
+      &security_attributes, TRUE, FALSE,
       (L"Global\\ChromeSetupExitEvent_" + sync_primitive_name_suffix).c_str()));
   if (!exit_event.IsValid()) {
     RecordSetupSingletonAcquisitionResultHistogram(
@@ -83,7 +114,7 @@ std::unique_ptr<SetupSingleton> SetupSingleton::Acquire(
     // signals |exit_event_| and waits for |setup_mutex_| to be released at a
     // time.
     base::win::ScopedHandle exit_event_mutex(::CreateMutex(
-        nullptr, FALSE,
+        &security_attributes, FALSE,
         (L"Global\\ChromeSetupExitEventMutex_" + sync_primitive_name_suffix)
             .c_str()));
     if (!exit_event_mutex.IsValid()) {