commit | 9e9ae5c744fa28bd50a3e7bb18d4f51016e560a2 | [log] [tgz] |
---|---|---|
author | Penny MacNeil <pennymac@chromium.org> | Tue Aug 08 01:35:38 2017 |
committer | Commit Bot <commit-bot@chromium.org> | Tue Aug 08 01:35:38 2017 |
tree | eb07e1a0ed46e848c927f5dfde16cd2e4868f958 | |
parent | 634c2696392a7be6171a278f888561a672c87fc5 [diff] |
[Windows Sandbox] MS-signed binaries only, post-startup. Enable MITIGATION_FORCE_MS_SIGNED_BINS post-startup (after warmup) on all sandboxed child processes. Any third-party modules must be loaded at process startup. Also includes a temporary emergency off switch. "WinSboxForceMsSigned" can be used on the command line to disable the block. (Aside: this CL also removes the old emergency off switch around MITIGATION_EXTENSION_POINT_DISABLE - for child processes.) TEST= sbox_integration_tests.exe, ProcessMitigationsTest.* BUG=750886 Change-Id: I638aebade28ff42743b07d885dff8230a1e25c49 Reviewed-on: https://chromium-review.googlesource.com/596677 Commit-Queue: Penny MacNeil <pennymac@chromium.org> Reviewed-by: Will Harris <wfh@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#492495}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .