Status: Started
OS: Windows
Pri: 2
Type: Feature
[Windows Sandbox] New mitigation support
Project Member Reported by penny...@chromium.org, Jun 15
Tracking ticket for work underway.

- Dynamic Code Disable >= Win8.1.
  - Thread opt-out >= Win10 RS1.
  - Prevents the process from generating dynamic code or modifying executable code. Second option to allow thread-specific opt-out.
    - VirtualAlloc with PAGE_EXECUTE_*
    - VirtualProtect with PAGE_EXECUTE_*
    - MapViewOfFile with FILE_MAP_EXECUTE | FILE_MAP_WRITE
    - SetProcessValidCallTargets for CFG

- MS Code Signing enforcement >= Win10 TH2.
  - Prevents the process from loading binaries NOT signed by MS.

- Image load prefer system32 >= Win10 RS1.
  - Forces image load preference to prioritize the Windows install System32 folder before dll load dir, application dir and any user dirs set.
  - Affects IAT resolution standard search path only, NOT direct LoadLibrary or executable search path.
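The list above (repeated in the commit message of comment 2) ties each mitigation to a minimum OS version and states what it blocks. The following is an added example, not Chromium sandbox code: it gates a requested set of these three mitigations on the running OS version and then applies the survivors in-process through the Win32 mitigation-policy API. The `MIT_*` names, the helper names, and the build numbers used for TH2 and RS1 are my own assumptions.

```c
#define _WIN32_WINNT 0x0A00   /* declarations below need a Win10 SDK target */
#include <stdbool.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* The three mitigations from the ticket as a request bitmask (names are mine). */
enum {
  MIT_DYNAMIC_CODE    = 1u << 0, /* >= Win8.1 */
  MIT_DYNCODE_OPT_OUT = 1u << 1, /* >= Win10 RS1 */
  MIT_MS_SIGNED_ONLY  = 1u << 2, /* >= Win10 TH2 */
  MIT_PREFER_SYSTEM32 = 1u << 3, /* >= Win10 RS1 */
};
/* Keep only the requested mitigations the running OS can honour, applying the
 * ticket's per-mitigation minimums. Assumed builds: TH2 = 10586, RS1 = 14393. */
uint32_t supported_mitigations(uint32_t requested, unsigned major,
                               unsigned minor, unsigned build) {
  bool win81 = major > 6 || (major == 6 && minor >= 3);
  bool win10 = major >= 10;
  uint32_t ok = 0;
  if (win81) ok |= MIT_DYNAMIC_CODE;
  if (win10 && build >= 10586) ok |= MIT_MS_SIGNED_ONLY;
  if (win10 && build >= 14393) ok |= MIT_DYNCODE_OPT_OUT | MIT_PREFER_SYSTEM32;
  /* Thread opt-out only makes sense on top of the dynamic-code block itself. */
  if (!(requested & MIT_DYNAMIC_CODE)) ok &= ~(uint32_t)MIT_DYNCODE_OPT_OUT;
  return requested & ok;
}
#ifdef _WIN32
/* Apply the surviving set in-process (the "post child-process startup" path). */
bool apply_mitigations(uint32_t m) {
  bool all_ok = true;
  if (m & MIT_DYNAMIC_CODE) {
    PROCESS_MITIGATION_DYNAMIC_CODE_POLICY p = {0};
    p.ProhibitDynamicCode = 1;                  /* blocks PAGE_EXECUTE_* alloc/protect */
    p.AllowThreadOptOut = (m & MIT_DYNCODE_OPT_OUT) ? 1 : 0;
    if (!SetProcessMitigationPolicy(ProcessDynamicCodePolicy, &p, sizeof p)) all_ok = false;
  }
  if (m & MIT_MS_SIGNED_ONLY) {
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY p = {0};
    p.MicrosoftSignedOnly = 1;                  /* refuse binaries not signed by MS */
    if (!SetProcessMitigationPolicy(ProcessSignaturePolicy, &p, sizeof p)) all_ok = false;
  }
  if (m & MIT_PREFER_SYSTEM32) {
    PROCESS_MITIGATION_IMAGE_LOAD_POLICY p = {0};
    p.PreferSystem32Images = 1;                 /* System32 first for IAT resolution */
    if (!SetProcessMitigationPolicy(ProcessImageLoadPolicy, &p, sizeof p)) all_ok = false;
  }
  return all_ok;
}
#endif
```

For the pre-startup path the same decisions map onto the PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY attribute at process creation; the version gate is the part that runs on any platform.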

 
Project Member Comment 1 by bugdroid1@chromium.org, Jul 10
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/661bc439df8ba9d5205af4acb617f640acaf2f1f

commit 661bc439df8ba9d5205af4acb617f640acaf2f1f
Author: pennymac <pennymac@chromium.org>
Date: Mon Jul 10 21:09:52 2017

[Windows Sandbox Tests] Re-format process mitigation tests.

- Rename process_mitigations_test.cc -> process_mitigations_unittest.cc
- Pull large chunks out of process_mitigations_unittest.cc into unittest
files of their own.  The size was getting way out of hand.
- New files for existing tests: extensionpoints, imageload, win32k.
- NO new functionality tests in this CL - only re-organized things:
  - Note: the existing tests for every process mitigation that just check policy
    enabling have been centralized into one single test target function
    (SBOX_TESTS_COMMAND) called CheckPolicy.  Any new mitigation checks
    should be added here as well.
  - Note: The individual mitigation TESTs that trigger "CheckPolicy" have been
    adjusted to ensure we test both pre and post child-process startup wherever
    they are supported.

TEST= sbox_integration_tests.exe, ProcessMitigationsTest.*
BUG=733739
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win10_chromium_x64_rel_ng
TBR=forshaw,wfh

Review-Url: https://codereview.chromium.org/2944493002
Cr-Commit-Position: refs/heads/master@{#485387}

[modify] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/BUILD.gn
[add] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc
[add] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/src/process_mitigations_imageload_unittest.cc
[delete] https://crrev.com/39242679a2202b4bb17246c361d01efc01cb4c1c/sandbox/win/src/process_mitigations_test.cc
[add] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/src/process_mitigations_unittest.cc
[add] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/src/process_mitigations_win32k_unittest.cc
[modify] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/tests/integration_tests/hooking_dll.cc
[add] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/tests/integration_tests/hooking_dll.h
[modify] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/tests/integration_tests/hooking_win_proc.cc
[add] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/tests/integration_tests/hooking_win_proc.h
[modify] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/tests/integration_tests/integration_tests.cc
[modify] https://crrev.com/661bc439df8ba9d5205af4acb617f640acaf2f1f/sandbox/win/tests/integration_tests/integration_tests_common.h

Project Member Comment 2 by bugdroid1@chromium.org, Jul 13
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec

commit 21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec
Author: Penny MacNeil <pennymac@chromium.org>
Date: Thu Jul 13 20:01:07 2017

[Windows Sandbox] New process mitigations (and tests).

- Dynamic Code Disable >= Win8.1.
  - Thread opt-out >= Win10 RS1.
  - Prevents the process from generating dynamic code or modifying executable code. Second option to allow thread-specific opt-out.
    - VirtualAlloc with PAGE_EXECUTE_*
    - VirtualProtect with PAGE_EXECUTE_*
    - MapViewOfFile with FILE_MAP_EXECUTE | FILE_MAP_WRITE
    - SetProcessValidCallTargets for CFG

- MS Code Signing enforcement >= Win10 TH2.
  - Prevents the process from loading binaries NOT signed by MS.

- Image load prefer system32 >= Win10 RS1.
  - Forces image load preference to prioritize the Windows install System32 folder before dll load dir, application dir and any user dirs set.
  - Affects IAT resolution standard search path only, NOT direct LoadLibrary or executable search path.

TEST= sbox_integration_tests.exe, ProcessMitigationsTest.*
BUG=733739
R=forshaw@chromium.org
TBR=grt@chromium.org

Change-Id: I4347a9002368961e17f3f83ba39d50c469065bdc
Reviewed-on: https://chromium-review.googlesource.com/566286
Commit-Queue: Penny MacNeil <pennymac@chromium.org>
Reviewed-by: James Forshaw <forshaw@chromium.org>
Cr-Commit-Position: refs/heads/master@{#486464}
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/base/win/windows_version.h
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/BUILD.gn
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/src/process_mitigations.cc
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/src/process_mitigations.h
[add] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/src/process_mitigations_dyncode_unittest.cc
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/src/process_mitigations_imageload_unittest.cc
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/src/process_mitigations_unittest.cc
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/src/security_level.h
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/common/controller.h
[add] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/integration_tests/hijack_dll.cc
[add] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/integration_tests/hijack_dll.def
[add] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/integration_tests/hijack_dlls.h
[add] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/integration_tests/hijack_shim_dll.cc
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/integration_tests/hooking_dll.h
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/integration_tests/hooking_win_proc.h
[modify] https://crrev.com/21a5ba4cfdbafc3b0908f9af75c0de30b03d47ec/sandbox/win/tests/integration_tests/integration_tests_common.h

FYI: #2 CL first landed in M61, canary branch 3157.