Crash report client doesn't need full access handle to runtime when monitoring.

While monitoring the parent process CRC doesn't need a full access process handle on Windows. Open the handle using limited acccess flags instead. #rb stefan.boberg #jira UE-88601, UE-88978 #lockdown stefan.boberg #ushell-cherrypick of 11458913 by Johan.Berg #ushell-cherrypick of 11458942 by Johan.Berg [CL 11536303 by Johan Berg in 4.25 branch]
2026-03-26 18:15:20 -07:00 · 2020-02-19 08:33:28 -05:00
parent 283e8ac06b
commit edd4f3408a
1 changed files with 5 additions and 1 deletions
--- a/Engine/Source/Programs/CrashReportClient/Private/CrashReportClientApp.cpp
+++ b/Engine/Source/Programs/CrashReportClient/Private/CrashReportClientApp.cpp
@@ -781,8 +781,12 @@ void RunCrashReportClient(const TCHAR* CommandLine)
 		// Starts the disaster recovery service. This records transactions and allows users to recover from previous crashes.
 		RecoveryServicePtr = MakeShared<FRecoveryService>(MonitorPid);
 #endif
-
+#if PLATFORM_WINDOWS
+		// We do not need to open a full access process handle when monitoring process health.
+		FProcHandle MonitoredProcess = FProcHandle(::OpenProcess(PROCESS_DUP_HANDLE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE | SYNCHRONIZE, 0, MonitorPid));
+#else
 		FProcHandle MonitoredProcess = FPlatformProcess::OpenProcess(MonitorPid);
+#endif
 		if (!MonitoredProcess.IsValid())
 		{
 			UE_LOG(CrashReportClientLog, Error, TEXT("Failed to open monitor process handle!"));