Move winprocess_sys into a new low-level hardening module

This code was in our process module, but it doesn't belong there:
process is for launching and monitoring subprocesses, not for
hardening the current process.

This change lets us have our subsystem init order more closely match
our dependency order.

3 files changed, 2 insertions, 84 deletions

diff --git a/src/lib/process/include.am b/src/lib/process/include.am
index af5f99617b..18876b3f54 100644
--- a/src/lib/process/include.am
+++ b/src/lib/process/include.am
@@ -16,8 +16,7 @@ src_lib_libtor_process_a_SOURCES =		\
 	src/lib/process/process_win32.c		\
 	src/lib/process/restrict.c		\
 	src/lib/process/setuid.c		\
-	src/lib/process/waitpid.c		\
-	src/lib/process/winprocess_sys.c
+	src/lib/process/waitpid.c
 
 src_lib_libtor_process_testing_a_SOURCES = \
 	$(src_lib_libtor_process_a_SOURCES)
@@ -35,5 +34,4 @@ noinst_HEADERS +=				\
 	src/lib/process/process_win32.h		\
 	src/lib/process/restrict.h		\
 	src/lib/process/setuid.h		\
-	src/lib/process/waitpid.h		\
-	src/lib/process/winprocess_sys.h
+	src/lib/process/waitpid.h
diff --git a/src/lib/process/winprocess_sys.c b/src/lib/process/winprocess_sys.c
deleted file mode 100644
index e43a77e467..0000000000
--- a/src/lib/process/winprocess_sys.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/* Copyright (c) 2018-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file winprocess_sys.c
- * \brief Subsystem object for windows process setup.
- **/
-
-#include "orconfig.h"
-#include "lib/subsys/subsys.h"
-#include "lib/process/winprocess_sys.h"
-
-#include <stdbool.h>
-#include <stddef.h>
-
-#ifdef _WIN32
-#include <windows.h>
-
-#define WINPROCESS_SYS_ENABLED true
-
-static int
-subsys_winprocess_initialize(void)
-{
-#ifndef HeapEnableTerminationOnCorruption
-#define HeapEnableTerminationOnCorruption 1
-#endif
-
-  /* On heap corruption, just give up; don't try to play along. */
-  HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
-
-  /* SetProcessDEPPolicy is only supported on 32-bit Windows.
-   * (On 64-bit Windows it always fails, and some compilers don't like the
-   * PSETDEP cast.)
-   * 32-bit Windows defines _WIN32.
-   * 64-bit Windows defines _WIN32 and _WIN64. */
-#ifndef _WIN64
-  /* Call SetProcessDEPPolicy to permanently enable DEP.
-     The function will not resolve on earlier versions of Windows,
-     and failure is not dangerous. */
-  HMODULE hMod = GetModuleHandleA("Kernel32.dll");
-  if (hMod) {
-    typedef BOOL (WINAPI *PSETDEP)(DWORD);
-    PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
-                           "SetProcessDEPPolicy");
-    if (setdeppolicy) {
-      /* PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */
-      setdeppolicy(3);
-    }
-  }
-#endif /* !defined(_WIN64) */
-
-  return 0;
-}
-#else /* !defined(_WIN32) */
-#define WINPROCESS_SYS_ENABLED false
-#define subsys_winprocess_initialize NULL
-#endif /* defined(_WIN32) */
-
-const subsys_fns_t sys_winprocess = {
-  .name = "winprocess",
-  /* HeapEnableTerminationOnCorruption and setdeppolicy() are security
-   * features, we want them to run first. */
-  .level = -100,
-  .supported = WINPROCESS_SYS_ENABLED,
-  .initialize = subsys_winprocess_initialize,
-};
diff --git a/src/lib/process/winprocess_sys.h b/src/lib/process/winprocess_sys.h
deleted file mode 100644
index bece1b3da9..0000000000
--- a/src/lib/process/winprocess_sys.h
+++ /dev/null
@@ -1,14 +0,0 @@
-/* Copyright (c) 2018-2020, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file winprocess_sys.h
- * \brief Declare subsystem object for winprocess.c
- **/
-
-#ifndef TOR_WINPROCESS_SYS_H
-#define TOR_WINPROCESS_SYS_H
-
-extern const struct subsys_fns_t sys_winprocess;
-
-#endif /* !defined(TOR_WINPROCESS_SYS_H) */