base: Create file mappings with reduced access control permissions.

A newly created file mapping has two sets of permissions. It has access control
permissions (WRITE_DAC, WRITE_OWNER, READ_CONTROL, and DELETE) and file
permissions (FILE_MAP_READ, FILE_MAP_WRITE, etc.). ::DuplicateHandle() with the
parameter DUPLICATE_SAME_ACCESS copies both sets of permissions.

The Chrome sandbox prevents HANDLEs with the WRITE_DAC permission from being
duplicated into unprivileged processes. But the only way to copy file
permissions is with the parameter DUPLICATE_SAME_ACCESS. This means that there
is no way for a privileged process to duplicate a file mapping into an
unprivileged process while maintaining the previous file permissions.

This CL removes all access control permissions of a file mapping immediately
after creation, which effectively means that ::DuplicateHandle() only copies
the file permissions.

These permissions are only enforced if the file mapping has a name, so this
CL also gives all file mappings a name.

BUG=493414

Review URL: https://codereview.chromium.org/1677163003

Cr-Commit-Position: refs/heads/master@{#376358}
4 files changed
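As an added illustration (my example, not the code from this CL or from Chromium), one way to do what the message describes on Windows: create the mapping with a name, then duplicate it with an explicit access mask instead of DUPLICATE_SAME_ACCESS and close the original, so the surviving handle carries only section rights. The function and constant names (`CreateReducedFileMapping`, `StripAccessControlRights`, `CarriesAccessControlRights`, `kSectionRights`), the choice of FILE_MAP_READ | FILE_MAP_WRITE | SECTION_QUERY as the retained rights, and the off-Windows stand-ins for the winnt.h constants are assumptions of this example.

```cpp
// Added example (not Chromium's code): a named file mapping whose handle keeps
// only section (file-map) rights, with DELETE, READ_CONTROL, WRITE_DAC and
// WRITE_OWNER removed so that a later DUPLICATE_SAME_ACCESS cannot carry them
// into a sandboxed process.
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#else
// Off-Windows stand-ins for the Win32 access-mask constants (assumed here so
// the mask logic compiles and can be checked anywhere); values match winnt.h.
typedef uint32_t DWORD;
#define DELETE              0x00010000u
#define READ_CONTROL        0x00020000u
#define WRITE_DAC           0x00040000u
#define WRITE_OWNER         0x00080000u
#define SECTION_QUERY       0x00000001u
#define FILE_MAP_WRITE      0x00000002u
#define FILE_MAP_READ       0x00000004u
#define FILE_MAP_ALL_ACCESS 0x000F001Fu
#endif

// The four access-control rights the CL strips from every mapping.
const DWORD kAccessControlRights = DELETE | READ_CONTROL | WRITE_DAC | WRITE_OWNER;

// Rights a sandboxed process needs to map and query the section, nothing more
// (assumed set for this example).
const DWORD kSectionRights = FILE_MAP_READ | FILE_MAP_WRITE | SECTION_QUERY;

// Returns `mask` with every access-control right cleared.
DWORD StripAccessControlRights(DWORD mask) { return mask & ~kAccessControlRights; }

// Broker-side check before handing a handle across the sandbox boundary:
// true if the mask still carries a right (WRITE_DAC in particular) that the
// sandbox refuses to let through.
bool CarriesAccessControlRights(DWORD mask) { return (mask & kAccessControlRights) != 0; }

#ifdef _WIN32
// Creates a named, pagefile-backed section of `size` bytes and returns a handle
// holding only kSectionRights; returns nullptr on failure. The name matters:
// the message notes the permissions are only enforced for named mappings.
HANDLE CreateReducedFileMapping(DWORD size, const wchar_t* name) {
  HANDLE full = ::CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr, PAGE_READWRITE, 0, size, name);
  if (!full) return nullptr;
  HANDLE reduced = nullptr;
  // Explicit mask rather than DUPLICATE_SAME_ACCESS: the duplicate gets only
  // the section rights; the original handle (which has WRITE_DAC etc.) is closed.
  BOOL ok = ::DuplicateHandle(::GetCurrentProcess(), full, ::GetCurrentProcess(), &reduced,
                              kSectionRights, FALSE, 0);
  ::CloseHandle(full);
  return ok ? reduced : nullptr;
}
#endif
```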