New issue
Advanced search Search tips

Issue 793104 link

Starred by 1 user
Status: Assigned
Owner:
robliao@chromium.org
Cc:
brucedaw...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

Make ScopedHandle/HandleVerifier smarter about pseudo handles

Project Member Reported by jsc...@chromium.org, Dec 7 2017 
Pseudo-handles can't be closed, but we also don't prevent you from assigning them to a ScopedHandle, which means that the HandleVerifier can blow up on canary channel in the wild. So, we should detect pseudo-handles and either prevent the assignment, or prevent the HandleVerifier from blowing up.

One really easy idea: Check if either of the bottom two bits are set in the HandleVerifier before blowing up.

Comment 1 by brucedaw...@chromium.org, Dec 7 2017 

Assigning pseudo-handles could be dangerous (assuming we are talking about CurrentProcess(), CurrentThread(), CurrentSession(), ???) because their meaning is context sensitive and that context could easily be changed without the user realizing the significance.

Maybe we should disallow assigning them with a recommendation that developers clone then (making them non-pseudo) before then can be stored in a ScopedHandle.

> Check if either of the bottom two bits are set

Or check for the small set of hard-coded values - it looks like -1, -2, and -3 are the only ones?

Comment 2 by robliao@chromium.org, Dec 7 2017 

I'll dig around the kernel and see what I find. I see some checks for higher order bits running around with comparisons to the likes of -1.

Don't all handles operate in the context of the current process anyways? CurrentProcess() is less bad in that light. CurrentThread() is interesting. Anyone passing a handle to a process in a different session would need to call DuplicateHandle on that handle anyways.

Sign in to add a comment