Bug 1129369 Part 1: Turn on DEP_NO_ATL_THUNK process-level mitigation for the GMP sandbox. r=tabraldes
author Bob Owen <bobowencode@gmail.com>
Tue, 10 Feb 2015 09:06:59 +0000
changeset 228414 bd213a5766714a5b6c93bf7a31fbf2bf000d4411
parent 228413 1938c82eaf522f4e9b03df197fbc88d022df9e2b
child 228415 6cb61619e34f9a3e6ff0c2c253d18e19d910c1b6
push id 28261
push user ryanvm@gmail.com
push date Tue, 10 Feb 2015 21:03:20 +0000
treeherder mozilla-central@ee093ca70666
reviewers tabraldes
bugs 1129369
milestone 38.0a1
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -218,16 +218,17 @@ SandboxBroker::SetSecurityLevelForGMPlug
 
   result =
     mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   sandbox::MitigationFlags mitigations =
     sandbox::MITIGATION_HEAP_TERMINATE |
     sandbox::MITIGATION_SEHOP |
+    sandbox::MITIGATION_DEP_NO_ATL_THUNK |
     sandbox::MITIGATION_DEP;
 
   result = mPolicy->SetProcessMitigations(mitigations);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   mitigations =
     sandbox::MITIGATION_DLL_SEARCH_ORDER;
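Review bot: The added `sandbox::MITIGATION_DEP_NO_ATL_THUNK` line in the flag set passed to `SetProcessMitigations` carries no comment on why it is safe for the GMP process. The flag only has meaning together with `sandbox::MITIGATION_DEP`, which is set on the following line, and it is applied process-wide, so any plugin binary loaded in this process that still relies on ATL thunk emulation would fault under DEP rather than be emulated. A short comment above the flag recording that dependency, and that GMP plugins are not expected to need ATL thunks, would help the next reader. Separately, a failure of `SetProcessMitigations` only clears `ret`; if the policy rejects the new flag, nothing in this block indicates which call failed, so a log line on `result != sandbox::SBOX_ALL_OK` would make that diagnosable.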