Bug 1129369 - Part 2: Turn on BOTTOM_UP_ASLR process-level mitigation for the GMP sandbox. r=tabraldes, a=lmandel
author Bob Owen <bobowencode@gmail.com>
Tue, 10 Feb 2015 09:06:59 +0000
changeset 250086 fa0645acfc44
parent 250085 56d34ca3b983
child 250087 8fd533be98aa
push id 4500
push user ryanvm@gmail.com
push date 2015-02-27 20:31 +0000
treeherder mozilla-beta@4564e0e22a37
reviewers tabraldes, lmandel
bugs 1129369
milestone 37.0
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -181,16 +181,17 @@ SandboxBroker::SetSecurityLevelForGMPlug
   result = mPolicy->SetIntegrityLevel(sandbox::INTEGRITY_LEVEL_LOW);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   result =
     mPolicy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_UNTRUSTED);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
   sandbox::MitigationFlags mitigations =
+    sandbox::MITIGATION_BOTTOM_UP_ASLR |
     sandbox::MITIGATION_HEAP_TERMINATE |
     sandbox::MITIGATION_SEHOP |
     sandbox::MITIGATION_DEP_NO_ATL_THUNK |
     sandbox::MITIGATION_DEP;
 
   result = mPolicy->SetProcessMitigations(mitigations);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
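
Review bot: The added `sandbox::MITIGATION_BOTTOM_UP_ASLR` line in the `mitigations` initializer has no comment explaining why this flag is being enabled for the GMP sandbox now, or whether it has any platform or process-start constraints. A one-line comment above the `sandbox::MitigationFlags mitigations =` declaration would help the next reader decide which further flags can safely join this set. The result of `SetProcessMitigations` is already folded into `ret`, so a rejected flag would surface as a failed policy setup, but nothing in the patch shows a test that exercises the GMP process launch with the new flag; it would be worth noting in the bug which Windows versions this was verified on.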