Confirmed users
1,983
edits
Security/Sandbox: Difference between revisions
update current level system
Alex gaynor (talk | contribs) (→Links: add a link to the new page) |
(update current level system) |
||
| Line 30: | Line 30: | ||
|- | |- | ||
|colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)] | |colspan="1"|[https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForContentProcess&redirect=true&case=true Windows (content)] | ||
|style='text-align:center;' colspan="2"|Level | |style='text-align:center;' colspan="2"|Level 5 | ||
|style='text-align:center;' colspan="1"|Level | |style='text-align:center;' colspan="1"|Level 5 | ||
|style='text-align:center;' colspan="1"| | |style='text-align:center;' colspan="1"|Fx60 | ||
|style='text-align:center;' colspan="1"|Level | |style='text-align:center;' colspan="1"|Level 5 | ||
|style='text-align:center;' colspan="1"| | |style='text-align:center;' colspan="1"|Fx60 | ||
|- | |- | ||
|colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)] | |colspan="1"| [https://dxr.mozilla.org/mozilla-central/search?q=SetSecurityLevelForGPUProcess&redirect=true Windows (compositor)] | ||
| Line 134: | Line 134: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Sandbox Feature !! Level 3 !! Level 4 | ! Sandbox Feature !! Level 3 !! Level 4 !! Level 5 | ||
|- | |- | ||
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN | | Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN || JOB_LOCKDOWN | ||
|- | |- | ||
| Access Token Level || USER_LIMITED || USER_LIMITED | | Access Token Level || USER_LIMITED || USER_LIMITED | ||
|- | |- | ||
| Alternate Desktop || no || YES | | Alternate Desktop || no || YES || YES | ||
|- | |- | ||
| Alternate Windows Station || no || no | | Alternate Windows Station || no || no || no | ||
|- | |- | ||
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW | | Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW | ||
| Line 164: | Line 164: | ||
MITIGATION_IMAGE_LOAD_NO_REMOTE<br> | MITIGATION_IMAGE_LOAD_NO_REMOTE<br> | ||
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL | MITIGATION_IMAGE_LOAD_NO_LOW_LABEL | ||
|| | |||
MITIGATION_BOTTOM_UP_ASLR<br> | |||
MITIGATION_HEAP_TERMINATE<br> | |||
MITIGATION_SEHOP<br> | |||
MITIGATION_DEP_NO_ATL_THUNK<br> | |||
MITIGATION_DEP<br> | |||
MITIGATION_EXTENSION_POINT_DISABLE<br> | |||
MITIGATION_IMAGE_LOAD_NO_REMOTE<br> | |||
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br> | |||
MITIGATION_IMAGE_LOAD_PREFER_SYS32 | |||
|- | |- | ||
| Delayed Mitigations || | | Delayed Mitigations || | ||
| Line 172: | Line 182: | ||
MITIGATION_DLL_SEARCH_ORDER | MITIGATION_DLL_SEARCH_ORDER | ||
|} | |} | ||
[http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header] | [http://mxr.mozilla.org/mozilla-central/source/security/sandbox/chromium/sandbox/win/src/security_level.h Windows Feature Header] | ||