New issue
Advanced search Search tips

Issue 666970 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
siggi@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

investigate /INTEGRITYCHECK for Chrome binaries

Project Member Reported by wfh@chromium.org, Nov 18 2016 
Master bug for investigation into using /INTEGRITYCHECK for Chrome binaries.

MSDN docs: https://msdn.microsoft.com/en-us/library/dn195769.aspx

TODO: Investigate:

1. Whether Chrome still runs/functions with this turned on
2. Does this affect developer builds - i.e. would this have to only be turned on for signed builds.
3. Where in the build process would the flag be added?
4. Perf implications.
5. Determining when /INTEGRITYCHECK fails in the wild and measuring it accurately and providing users with a way to fix it if their binaries get corrupted.

Comment 1 by wfh@chromium.org, Nov 19 2016 

one idea would be to turn it on only for the DLLs and not the main EXE, so the DLLs would be checked but EXE would not. This would allow accurate perf measurements to be made inside the main dll loader, and also provide a native dialog error for the user if/when Chrome binaries are corrupt.

Also TODO: what benefit does this actually give us. I presume the main benefit would be that it would mean fewer crash reports from corrupt clients, and it might also prevent malicious parties from meddling with Chrome and upsetting user experience.

Comment 2 by wfh@chromium.org, Nov 21 2016

Cc: siggi@chromium.org
Status: Available (was: Untriaged)
Siggi suggests using signing with page hashes here, to try and reduce any signature verification cost.

Comment 3 by ajha@chromium.org, Nov 24 2016

Components: Build
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 24 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment