Description
Added a new process mitigation to harden process token IL policy.
This adds a new process mitigation policy to harden the current process
token's integrity level policy. What this actually means is that the token's
IL policy in its SACL is modified to add no-read-up and no-execute-up,
which is not the default. This prevents a lower privilege process from
opening the token object with rights such as duplicate and impersonation,
which could be used to circumvent sandbox restrictions and elevate
privileges. While the policy is only enabled on the browser process, by
making it a general mitigation policy it could be applied to all process
levels, such as the GPU process, to provide a similar effect.
BUG=440692
Committed: https://crrev.com/19669894e93f9279e860d9fff6a54f6cd042acd7
Cr-Commit-Position: refs/heads/master@{#313099}
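
The SACL change the description refers to, as an added example that is not taken from this change or from Chromium: it reads the mandatory label of the current process token, adds no-read-up and no-execute-up, and writes it back. `HardenLabelSddl` and `HardenCurrentProcessTokenLabel` are hypothetical names, and editing the label through its SDDL text is an assumption of this example, not a statement of how the patch does it.

```cpp
// Added example, not Chromium code. Function names are hypothetical.
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#include <sddl.h>
#endif

// Adds NR (no-read-up) and NX (no-execute-up) to the rights field of the
// mandatory label ACE in an SDDL string such as "S:(ML;;NW;;;ME)".
// Returns "" when there is no label ACE or the rights are not letter codes.
std::string HardenLabelSddl(const std::string& sddl) {
  size_t ace = sddl.find("(ML;");
  if (ace == std::string::npos) return "";
  size_t begin = sddl.find(';', ace + 4);  // end of the ace_flags field
  if (begin == std::string::npos) return "";
  size_t end = sddl.find(';', ++begin);    // end of the rights field
  if (end == std::string::npos) return "";
  std::string rights = sddl.substr(begin, end - begin);
  if (rights.find_first_not_of("NWRX") != std::string::npos) return "";
  for (const char* code : {"NR", "NX"})
    if (rights.find(code) == std::string::npos) rights += code;
  return sddl.substr(0, begin) + rights + sddl.substr(end);
}

#ifdef _WIN32
// Read-modify-write of the label on the current process token. Changing a
// label needs WRITE_OWNER on the object; reading it needs READ_CONTROL.
bool HardenCurrentProcessTokenLabel() {
  HANDLE token = nullptr;
  if (!OpenProcessToken(GetCurrentProcess(), READ_CONTROL | WRITE_OWNER, &token))
    return false;
  PSECURITY_DESCRIPTOR sd = nullptr, new_sd = nullptr;
  LPSTR text = nullptr; bool ok = false;
  if (GetSecurityInfo(token, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION,
                      nullptr, nullptr, nullptr, nullptr, &sd) == ERROR_SUCCESS &&
      ConvertSecurityDescriptorToStringSecurityDescriptorA(
          sd, SDDL_REVISION_1, LABEL_SECURITY_INFORMATION, &text, nullptr)) {
    std::string hardened = HardenLabelSddl(text);
    ok = !hardened.empty() &&
         ConvertStringSecurityDescriptorToSecurityDescriptorA(
             hardened.c_str(), SDDL_REVISION_1, &new_sd, nullptr) &&
         SetKernelObjectSecurity(token, LABEL_SECURITY_INFORMATION, new_sd);
  }
  LocalFree(text); LocalFree(new_sd); LocalFree(sd);
  CloseHandle(token);
  return ok;
}
#endif
```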
Patch Set 1
Total comments: 10
Patch Set 2 : Changed earliest version to Windows 7 for policy, fixed minor style issues.
Total comments: 2
Patch Set 3 : Changed comments to correctly indicate Windows 7
Messages
Total messages: 21 (4 generated)