
Issue 880064

Issue metadata

Status: Assigned
Owner:
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug


[Windows] Remove Name from Anonymous Sections

Project Member Reported by forshaw@chromium.org, Sep 3

Issue description

In order to fix crbug.com/338538 the shared memory implementation added a randomly generated name to anonymous sections as Windows didn't enforce a security descriptor on unnamed section objects. This was a problem due to the handles being duplicated into less privileged processes and would allow a section to be converted from read-only to writable.

Due to some recent research I've discovered that Microsoft changed this behavior, at least in Windows 10 and potentially in Windows 8.X so that you can now specify a security descriptor for an anonymous section object. We should be able to remove the need for generating a name on any platform >= 8.X which would remove the spamming of the user's named objects directory with unnecessary names and would probably save some memory and performance.

There's already a unit test for this behavior so we should be able to just not generate the name if the current Windows version is 8.X or greater.
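
Added check (PowerShell with an embedded P/Invoke shim; not Chromium's code or its unit test): it creates a pagefile-backed section with a DACL that grants Everyone read access only, hands out a read-only duplicate of the handle, and then asks DuplicateHandle to turn that read-only handle back into a writable one. On a build that assigns the security descriptor to unnamed sections the upgrade is denied; on one that ignores it for unnamed objects the upgrade succeeds, which is the read-only-to-writable conversion the description refers to. The class name, the 4 KiB size and the `Local\SectionCheck-` name prefix are assumptions.

```powershell
# Added check (not Chromium code): does this build apply a security descriptor
# to an UNNAMED section?  If not, a read-only handle can be re-duplicated with
# write access, which is the escalation the bug description refers to.
$src = @"
using System;
using System.Runtime.InteropServices;
public static class SectionCheck {
    [StructLayout(LayoutKind.Sequential)]
    public struct SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public int bInheritHandle; }
    [DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
    static extern bool ConvertStringSecurityDescriptorToSecurityDescriptorW(string sddl, uint rev, out IntPtr sd, out uint len);
    [DllImport("kernel32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
    static extern IntPtr CreateFileMappingW(IntPtr file, ref SECURITY_ATTRIBUTES sa, uint protect, uint hi, uint lo, string name);
    [DllImport("kernel32.dll", SetLastError=true)]
    static extern bool DuplicateHandle(IntPtr srcProc, IntPtr src, IntPtr dstProc, out IntPtr dst, uint access, bool inherit, uint opts);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    [DllImport("kernel32.dll")] static extern IntPtr LocalFree(IntPtr h);
    const uint PAGE_READWRITE = 0x04, FILE_MAP_READ = 0x04, FILE_MAP_WRITE = 0x02;

    // True when a read-only duplicate of the section cannot be upgraded to write
    // access, i.e. the DACL was actually assigned to the object and is enforced.
    public static bool WriteUpgradeDenied(string name) {
        IntPtr sd; uint len;
        // DACL grants Everyone (WD) GENERIC_READ only; nobody is granted write.
        if (!ConvertStringSecurityDescriptorToSecurityDescriptorW("D:(A;;GR;;;WD)", 1, out sd, out len))
            throw new System.ComponentModel.Win32Exception();
        var sa = new SECURITY_ATTRIBUTES { nLength = Marshal.SizeOf(typeof(SECURITY_ATTRIBUTES)), lpSecurityDescriptor = sd };
        // 4 KiB pagefile-backed section (assumed size); name == null means anonymous.
        IntPtr section = CreateFileMappingW(new IntPtr(-1), ref sa, PAGE_READWRITE, 0, 4096, name);
        if (section == IntPtr.Zero) throw new System.ComponentModel.Win32Exception();
        IntPtr me = GetCurrentProcess(), ro, rw;
        // The creator's handle has full access; hand out a read-only duplicate ...
        DuplicateHandle(me, section, me, out ro, FILE_MAP_READ, false, 0);
        // ... then try to regain write access from that read-only handle. The
        // kernel must check this request against the object's DACL, if it has one.
        bool upgraded = DuplicateHandle(me, ro, me, out rw, FILE_MAP_WRITE, false, 0);
        if (upgraded) CloseHandle(rw);
        CloseHandle(ro); CloseHandle(section); LocalFree(sd);
        return !upgraded;
    }
}
"@
Add-Type -TypeDefinition $src
# The named section is the pre-fix behaviour and should report True everywhere;
# the unnamed one reports True only where the descriptor is enforced (8.1+ per the bug).
"Unnamed section enforces its DACL: " + [SectionCheck]::WriteUpgradeDenied($null)
"Named section enforces its DACL:   " + [SectionCheck]::WriteUpgradeDenied("Local\SectionCheck-" + [guid]::NewGuid())
```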
 
Project Member

Comment 1 by bugdroid1@chromium.org, Sep 5

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b7d66e95ebb94b7359488b1f2976ac4915bd6103

commit b7d66e95ebb94b7359488b1f2976ac4915bd6103
Author: James Forshaw <forshaw@chromium.org>
Date: Tue Sep 04 20:28:41 2018

[Windows] Only generate a shared memory name if on < v8.1.

This CL changes the creation of anonymous shared memory on Windows to
remove name generation on versions >= 8.1. This was originally added as
Windows would ignore the security of an unnamed object on XP -> 7, however
from at least Windows 8.1 this is no longer the case as we can create
unnamed shared memory (which will reduce memory usage slightly as well as
clutter in the user's named objects directory) while still enforcing the
security requirements. While this is likely to work on Windows 8 it'll
only be enforced for 8.1 and above due to a lack of testing for 8.

Bug: 880064
Change-Id: I25c039b38a485f99a0b7a02a7b6cc3718807d5b2
Reviewed-on: https://chromium-review.googlesource.com/1202148
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: James Forshaw <forshaw@chromium.org>
Cr-Commit-Position: refs/heads/master@{#588634}
[modify] https://crrev.com/b7d66e95ebb94b7359488b1f2976ac4915bd6103/base/memory/shared_memory_win.cc

Project Member

Comment 2 by bugdroid1@chromium.org, Sep 6

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d497ee1dac843b3dab76aa89209baea0dde15daf

commit d497ee1dac843b3dab76aa89209baea0dde15daf
Author: James Forshaw <forshaw@chromium.org>
Date: Thu Sep 06 22:15:40 2018

[Windows] Only generate a platform shared memory name if on < v8.1.

This CL changes the creation of anonymous shared memory on Windows to
remove name generation on versions < 8.1. This was originally added as
Windows would ignore the security of an unnamed object on XP -> 7, however
from at least Windows 8.1 this is no longer the case as we can create
unnamed shared memory (which will reduce memory usage slightly as well as
clutter in the user's named objects directory) while still enforcing the
security requirements. While this is likely to work on Windows 8 it'll
only be enforced for 8.1 and above due to a lack of testing for 8.

This CL applies the same changes in shared_memory_win to the platform
shared memory APIs which just copied the original implementation.

Bug: 880064
Change-Id: I3c61c01823a78d09ac6d220b647b26a07821ab39
Reviewed-on: https://chromium-review.googlesource.com/1209603
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: James Forshaw <forshaw@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589335}
[modify] https://crrev.com/d497ee1dac843b3dab76aa89209baea0dde15daf/base/memory/platform_shared_memory_region_win.cc