MozillaWiki

Security/Sandbox: Difference between revisions

Page Discussion

Security/Sandbox (view source)

Revision as of 19:11, 25 May 2020

1,852 bytes removed ,  25 May 2020
Clean up Windows overview to only 5 and 6
(Update team, Zoom, Matrix)
(Clean up Windows overview to only 5 and 6)
Line 112: Line 112:
{| class="wikitable"
{| class="wikitable"
|-
|-
! Sandbox Feature !! Level 0 !! Level 1 !! Level 2
! Sandbox Feature !! Level 5 !! Level 6
|-
|-
| Job Level || JOB_NONE || JOB_NONE || JOB_INTERACTIVE
| Job Level || JOB_LOCKDOWN || JOB_LOCKDOWN
|-
|-
| Access Token Level || USER_NON_ADMIN || USER_NON_ADMIN || USER_INTERACTIVE
| Access Token Level || USER_LIMITED || USER_LIMITED
|-
|-
| Alternate Desktop || no || no || no
| Alternate Desktop || YES || YES
|-
|-
| Alternate Windows Station || no || no || no
| Alternate Windows Station || no || no
|-
|-
| Initial Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
|-
| Delayed Integrity Level || INTEGRITY_LEVEL_MEDIUM || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
|-
| Mitigations || None ||
| Mitigations  
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP
||
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP
|-
| Delayed Mitigations || None ||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
|}
 
{| class="wikitable"
|-
! Sandbox Feature !! Level 3 !! Level 4 !! Level 5 !! Level 6
|-
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN || JOB_LOCKDOWN || JOB_LOCKDOWN
|-
| Access Token Level || USER_LIMITED || USER_LIMITED || USER_LIMITED || USER_LIMITED
|-
| Alternate Desktop || no || YES || YES || YES
|-
| Alternate Windows Station || no || no || no || no
|-
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
| Mitigations ||
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP<br>
MITIGATION_EXTENSION_POINT_DISABLE
||
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP<br>
MITIGATION_EXTENSION_POINT_DISABLE<br>
MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL
||
||
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_BOTTOM_UP_ASLR<br>
Line 201: Line 149:
Locked Down Default DACL
Locked Down Default DACL
|-
|-
| Delayed Mitigations ||
| Delayed Mitigations  
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
||
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_STRICT_HANDLE_CHECKS<br>
Gpascutto
Confirmed users
333

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1227527"