Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz a=ritu
authorBob Owen <bobowencode@gmail.com>
Wed, 09 Sep 2015 08:45:25 +0100
changeset 283791 7e65fa0cf0c937d54ad6cbe7d4cae42a95a3d950
parent 283790 c47eb9288babc2615f65659a7bfdde607ef96343
child 283792 dd173dae22f14f92adfb87ae6ca2ff7235301f14
push id897
push userjlund@mozilla.com
push dateMon, 14 Sep 2015 18:56:12 +0000
treeherdermozilla-release@9411e2d2b214 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersaklotz, ritu
bugs1197943
milestone41.0
Bug 1197943: Turn off MITIGATION_STRICT_HANDLE_CHECKS for NPAPI process sandbox for causing hangs. r=aklotz a=ritu
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -223,22 +223,16 @@ SandboxBroker::SetSecurityLevelForPlugin
     sandbox::MITIGATION_HEAP_TERMINATE |
     sandbox::MITIGATION_SEHOP |
     sandbox::MITIGATION_DEP_NO_ATL_THUNK |
     sandbox::MITIGATION_DEP;
 
   result = mPolicy->SetProcessMitigations(mitigations);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
 
-  mitigations =
-    sandbox::MITIGATION_STRICT_HANDLE_CHECKS;
-
-  result = mPolicy->SetDelayedProcessMitigations(mitigations);
-  ret = ret && (sandbox::SBOX_ALL_OK == result);
-
   // Add the policy for the client side of a pipe. It is just a file
   // in the \pipe\ namespace. We restrict it to pipes that start with
   // "chrome." so the sandboxed process cannot connect to system services.
   result = mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
                             sandbox::TargetPolicy::FILES_ALLOW_ANY,
                             L"\\??\\pipe\\chrome.*");
   ret = ret && (sandbox::SBOX_ALL_OK == result);