Google Git
Sign in
chromium / chromium / src / 3e83f3bcc14f839458de320ec9981c9babf788c8
commit3e83f3bcc14f839458de320ec9981c9babf788c8[log] [tgz]
authorJames Forshaw <forshaw@chromium.org>Thu Apr 24 14:16:55 2025
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Apr 24 14:16:55 2025
treeb3921518aa39bdee6d2c80eac6f93d302b8f85a1
parent91e260fb134367d12433cdf817a538f29c59f507 [diff]
[Windows] Use the user's temp folder for split-token administrators.

This CL changes the behavior when querying for the user's temp folder
if they're an administrator. For security reasons a change was made to
return a "secure" directory if the user is an administrator. However
this can cause problems if the user is a UAC split-token administrator
as it might introduce incorrect ACLs if the temporary files are copied
to a user's profile. While Chromium doesn't officially support running
as a split-token administrator, it is possible to accidentally run the
browser with the full token and cause issues with ACLs in the user's
profile. This change doesn't introduce a security issue as UAC is not
a security boundary (as per Microsoft) and so being able to redirect
a Chromium process's temp folder access is by design.

Bug: 365594097
Change-Id: Ifad1c589a2535f4d7a889b314e705dc8a658c853
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6481153
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: James Forshaw <forshaw@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1451133}
1 file changed
tree: b3921518aa39bdee6d2c80eac6f93d302b8f85a1
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. crypto/
  16. dbus/
  17. device/
  18. docs/
  19. extensions/
  20. fuchsia_web/
  21. gin/
  22. google_apis/
  23. gpu/
  24. headless/
  25. infra/
  26. ios/
  27. ipc/
  28. media/
  29. mojo/
  30. native_client_sdk/
  31. net/
  32. pdf/
  33. ppapi/
  34. printing/
  35. remoting/
  36. rlz/
  37. sandbox/
  38. services/
  39. skia/
  40. sql/
  41. storage/
  42. styleguide/
  43. testing/
  44. third_party/
  45. tools/
  46. ui/
  47. url/
  48. webkit/
  49. clank
  50. internal
  51. ios_internal
  52. native_client
  53. signing_keys
  54. v8
  55. .clang-format
  56. .clang-tidy
  57. .clangd
  58. .git-blame-ignore-revs
  59. .gitallowed
  60. .gitattributes
  61. .gitignore
  62. .gitmodules
  63. .gn
  64. .mailmap
  65. .rustfmt.toml
  66. .vpython3
  67. .yapfignore
  68. ATL_OWNERS
  69. AUTHORS
  70. BUILD.gn
  71. CODE_OF_CONDUCT.md
  72. codereview.settings
  73. CPPLINT.cfg
  74. CRYPTO_OWNERS
  75. DEPS
  76. DIR_METADATA
  77. LICENSE
  78. LICENSE.chromium_os
  79. OWNERS
  80. PRESUBMIT.py
  81. PRESUBMIT_test.py
  82. PRESUBMIT_test_mocks.py
  83. README.md
  84. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.