Security/Sandbox: Difference between revisions

Security/Sandbox (view source)

Revision as of 18:47, 15 May 2020

804 bytes added , 15 May 2020

Add Socket Process to overview. Add level 6.

Gpascutto

Confirmed users

334

edits

@@ Line 47: / Line 47: @@
 |style='text-align:center;' colspan="2"|enabled
 |style='text-align:center;' colspan="2"|enabled
+|-
+|colspan="1"|[https://searchfox.org/mozilla-central/search?q=symbol:_ZN7mozilla21AbstractSandboxBroker32SetSecurityLevelForSocketProcessEv&redirect=false Windows (Socket)]
+|style='text-align:center;' colspan="2"|Level 1
+|style='text-align:center;' colspan="1"|Level 1
+|style='text-align:center;' colspan="1"|Fx75
+|style='text-align:center;' colspan="1"|Level 1
+|style='text-align:center;' colspan="1"|Fx75
 |-
 | [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]
@@ Line 89: / Line 96: @@
 A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels, the current setting and a lower (previous released) setting. Level settings other than these two values carry no guarantee of altering security behavior, level settings are primarily a release rollout debugging feature.
-DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine grain control over sandbox settings.
 [1] Level 1 available but disabled due to various regressions with scrolling, see {{bug|1347710}}.
@@ Line 139: / Line 144: @@
 {| class="wikitable"
 |-
-! Sandbox Feature !! Level 3 !! Level 4 !! Level 5
+! Sandbox Feature !! Level 3 !! Level 4 !! Level 5 !! Level 6
 |-
-| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN || JOB_LOCKDOWN
+| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN || JOB_LOCKDOWN || JOB_LOCKDOWN
 |-
-| Access Token Level || USER_LIMITED || USER_LIMITED || USER_LIMITED
+| Access Token Level || USER_LIMITED || USER_LIMITED || USER_LIMITED || USER_LIMITED
 |-
-| Alternate Desktop || no || YES || YES
+| Alternate Desktop || no || YES || YES || YES
 |-
-| Alternate Windows Station || no || no || no
+| Alternate Windows Station || no || no || no || no
 |-
-| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
+| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
 |-
-| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
+| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
 |-
 | Mitigations ||
@@ Line 179: / Line 184: @@
 MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
 MITIGATION_IMAGE_LOAD_PREFER_SYS32
+||
+MITIGATION_BOTTOM_UP_ASLR<br>
+MITIGATION_HEAP_TERMINATE<br>
+MITIGATION_SEHOP<br>
+MITIGATION_DEP_NO_ATL_THUNK<br>
+MITIGATION_DEP<br>
+MITIGATION_EXTENSION_POINT_DISABLE<br>
+MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
+MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
+MITIGATION_IMAGE_LOAD_PREFER_SYS32<br>
+Locked Down Default DACL
 |-
 | Delayed Mitigations ||
+MITIGATION_STRICT_HANDLE_CHECKS<br>
+MITIGATION_DLL_SEARCH_ORDER
+||
+MITIGATION_STRICT_HANDLE_CHECKS<br>
+MITIGATION_DLL_SEARCH_ORDER
+||
 MITIGATION_STRICT_HANDLE_CHECKS<br>
 MITIGATION_DLL_SEARCH_ORDER

Security/Sandbox: Difference between revisions

Security/Sandbox (view source)

Revision as of 18:47, 15 May 2020

Navigation menu

Search