Bug 1129369 - Part 1: Turn on DEP_NO_ATL_THUNK process-level mitigation for the GMP sandbox. r=tabraldes, a=lmandel
authorBob Owen <bobowencode@gmail.com>
Tue, 10 Feb 2015 09:06:59 +0000
changeset 250085 56d34ca3b983
parent 250084 6454e62689f1
child 250086 fa0645acfc44
push id4500
push userryanvm@gmail.com
push date2015-02-27 20:31 +0000
treeherdermozilla-beta@4564e0e22a37 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstabraldes, lmandel
bugs1129369
milestone37.0
Bug 1129369 - Part 1: Turn on DEP_NO_ATL_THUNK process-level mitigation for the GMP sandbox. r=tabraldes, a=lmandel
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -183,16 +183,17 @@ SandboxBroker::SetSecurityLevelForGMPlug
 
   result =
     mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   sandbox::MitigationFlags mitigations =
     sandbox::MITIGATION_HEAP_TERMINATE |
     sandbox::MITIGATION_SEHOP |
+    sandbox::MITIGATION_DEP_NO_ATL_THUNK |
     sandbox::MITIGATION_DEP;
 
   result = mPolicy->SetProcessMitigations(mitigations);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   mitigations =
     sandbox::MITIGATION_DLL_SEARCH_ORDER;