CEF: 101
Run cefclient.exe with --no-sandbox. Then all child processes such as gpu or render are marked as "DEP (data execution prevention): disabled (permanent)".
After a little digging, I found that --no-sandbox marks /disable_cetcompat/ as true to set the SHADOW_STACKS policy. Providing PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY without PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE to ::CreateProcess causes the child process to have DEP disabled permanently.
// chromium\src\base\process\launch_win.cc
// Set PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY.
// Note: only process_mitigations[1] (policy2) is touched here; process_mitigations[0],
// where PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE lives, is passed as-is.
if (options.disable_cetcompat &&
    base::win::GetVersion() >= base::win::Version::WIN10_20H1) {
  DCHECK_GT(attribute_count, 0);
  process_mitigations[1] |=
      PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_ALWAYS_OFF;
  if (!startup_info_wrapper.UpdateProcThreadAttribute(
          PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &process_mitigations[0],
          sizeof(process_mitigations))) {
    return Process();
  }
}
Is this behavior expected, or is it a Chromium bug?
MSDN lists a ton of options for PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY; will some policies need to be set by hand?
My current workaround:
add the DEP policy when setting PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY
process_mitigations[0] |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE;
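The effect described in this post, as an added stand-alone example (not code from the post, Chromium or CEF): the two-DWORD64 mitigation value is built with the CET shadow-stack bit and, optionally, the DEP_ENABLE bit from the workaround, and on Windows a child is launched with that attribute and its DEP state is read back with GetProcessMitigationPolicy. The child command line is a placeholder; BuildMitigationPolicy, PolicyRequestsDep and LaunchAndReadDep are names chosen here, not Chromium APIs.

```cpp
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#else  // winnt.h values, repeated so the flag logic also builds off Windows
#define PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE 0x01ull
#define PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_ALWAYS_OFF (0x02ull << 28)
#endif
struct MitigationPolicy { uint64_t flags[2]; };  // flags[0] = policy, flags[1] = policy2
// Builds the value passed with PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY. Once the attribute
// is supplied, the child gets exactly these bits, so DEP has to be requested explicitly.
MitigationPolicy BuildMitigationPolicy(bool disable_cetcompat, bool keep_dep) {
  MitigationPolicy p{{0, 0}};
  if (disable_cetcompat)
    p.flags[1] |= PROCESS_CREATION_MITIGATION_POLICY2_CET_USER_SHADOW_STACKS_ALWAYS_OFF;
  if (keep_dep) p.flags[0] |= PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE;  // the workaround
  return p;
}
bool PolicyRequestsDep(const MitigationPolicy& p) {
  return (p.flags[0] & PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE) != 0;
}
#ifdef _WIN32
// Starts `cmdline` (writable buffer) suspended with the policy attached, reads DEP back, terminates.
bool LaunchAndReadDep(wchar_t* cmdline, MitigationPolicy pol, bool* dep_on, bool* perm) {
  SIZE_T size = 0; InitializeProcThreadAttributeList(nullptr, 1, 0, &size);
  auto* list = static_cast<LPPROC_THREAD_ATTRIBUTE_LIST>(HeapAlloc(GetProcessHeap(), 0, size));
  if (!list || !InitializeProcThreadAttributeList(list, 1, 0, &size)) return false;
  STARTUPINFOEXW si{}; si.StartupInfo.cb = sizeof(si); si.lpAttributeList = list; PROCESS_INFORMATION pi{};
  bool ok = UpdateProcThreadAttribute(list, 0, PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY,
                                      pol.flags, sizeof(pol.flags), nullptr, nullptr) &&
            CreateProcessW(nullptr, cmdline, nullptr, nullptr, FALSE, EXTENDED_STARTUPINFO_PRESENT |
                           CREATE_SUSPENDED, nullptr, nullptr, &si.StartupInfo, &pi);
  if (ok) {
    PROCESS_MITIGATION_DEP_POLICY dep{};
    ok = GetProcessMitigationPolicy(pi.hProcess, ProcessDEPPolicy, &dep, sizeof(dep));
    *dep_on = dep.Enable; *perm = dep.Permanent;
    TerminateProcess(pi.hProcess, 0); CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
  }
  DeleteProcThreadAttributeList(list); HeapFree(GetProcessHeap(), 0, list);
  return ok;
}
#endif
int main() {
  MitigationPolicy p = BuildMitigationPolicy(true, true);  // --no-sandbox path plus the DEP fix
#ifdef _WIN32
  wchar_t cmd[] = L"cefclient.exe --no-sandbox";  // placeholder child command line
  bool on = false, perm = false;
  if (LaunchAndReadDep(cmd, p, &on, &perm)) std::printf("child DEP enabled=%d permanent=%d\n", on, perm);
#endif
  return PolicyRequestsDep(p) ? 0 : 1;
}
```

Calling BuildMitigationPolicy(true, false) reproduces the post's situation: policy2 carries the shadow-stack bit while policy stays 0, so no DEP is requested for the child.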