Details
-
Task
-
Resolution: Fixed
-
Not Evaluated
-
None
-
5.11.0
-
None
-
Visual Studio 2015. Windows 7 & 10.
-
Windows
Description
Windows have since Vista supported a mandatory access control scheme referred to as Windows Integrity Mechanism, which can be used for application sandboxing. The CLSCTX_ENABLE_CLOAKING flag introduced in QTBUG-70744 can be combined with the instructions on https://msdn.microsoft.com/en-us/library/bb625960.aspx to instantiate ActiveX controls built as EXE in a limited privilege "low integrity" process. However, this doesn't work yet due to window parenting issues.
More specifically, the CreateWindow call in ActiveQt-based controls fail with ERROR_ACCESS_DENIED, since it doesn't have permission to assign the container window as parent. According to https://groups.google.com/forum/#!topic/microsoft.public.win32.programmer.kernel/h7tsbl_OdR4 this is a known issue that is worked around by setting the parent window in the "high integrity" container process.
Google Chrome already does this, and the implementation is found in https://github.com/chromium-googlesource-mirror/chromium/blob/master/src/content/browser/plugin_process_host.cc#L58
Attachments
| For Gerrit Dashboard: QTBUG-70983 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 242099,11 | ActiveQt: Make window parenting sandbox compatible | dev | qt/qtactiveqt | Status: MERGED | -2 | 0 |
| 242725,9 | Extend QAxSelect with a "sandboxing" combo-box | dev | qt/qtactiveqt | Status: MERGED | +2 | 0 |
| 242726,11 | Implement sandboxing support in TestCon | dev | qt/qtactiveqt | Status: MERGED | +2 | 0 |
| 243351,5 | Enable DllSurrogate activation when building as DLL | dev | qt/qtactiveqt | Status: MERGED | +2 | 0 |
| 278161,1 | Remove titlebar from sandboxed ActiveX window | 5.14 | qt/qtactiveqt | Status: DEFERRED | 0 | 0 |