Bug 1936749 - Disable ACG if we detect MpDetours.dll injection. a=dmeehan

Original Revision: https://phabricator.services.mozilla.com/D236890

Differential Revision: https://phabricator.services.mozilla.com/D238183
Yannis Juglaret 2025-02-14 14:36:16 +00:00
parent 29dc8d2766
commit a822487965


@ -299,6 +299,19 @@ Result<Ok, mozilla::ipc::LaunchError> SandboxBroker::LaunchApp(
"Setting the reduced set of flags should always succeed"); "Setting the reduced set of flags should always succeed");
} }
// Bug 1936749: MpDetours.dll injection is incompatible with ACG.
constexpr sandbox::MitigationFlags kDynamicCodeFlags =
sandbox::MITIGATION_DYNAMIC_CODE_DISABLE |
sandbox::MITIGATION_DYNAMIC_CODE_DISABLE_WITH_OPT_OUT;
sandbox::MitigationFlags delayedMitigations =
mPolicy->GetDelayedProcessMitigations();
if ((delayedMitigations & kDynamicCodeFlags) &&
::GetModuleHandleW(L"MpDetours.dll")) {
delayedMitigations &= ~kDynamicCodeFlags;
SANDBOX_SUCCEED_OR_CRASH(
mPolicy->SetDelayedProcessMitigations(delayedMitigations));
}
// If logging enabled, set up the policy. // If logging enabled, set up the policy.
if (aEnableLogging) { if (aEnableLogging) {
ApplyLoggingPolicy(); ApplyLoggingPolicy();
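Review bot: The added block clears both dynamic-code flags from the delayed mitigations based only on a base-name lookup, `::GetModuleHandleW(L"MpDetours.dll")`, in the launching process, and nothing records that the child was started without ACG. A bare-name GetModuleHandleW call matches any loaded module of that name regardless of path or signer, and it reflects this process's state at launch time rather than the child's. The comment should state that assumption, e.g. `// Presence in this (parent) process is used as a proxy for injection into the child; the match is by module name only.` I would also emit a warning, through whatever log facility this file already uses, where `delayedMitigations &= ~kDynamicCodeFlags;` runs, so that a weakened sandbox is visible in diagnostics. LaunchApp's body starts and ends outside this hunk.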