diff --git a/apps/desktop/desktop_native/bitwarden_chromium_import_helper/src/windows.rs b/apps/desktop/desktop_native/bitwarden_chromium_import_helper/src/windows.rs index 4902d1f1d6..7ab80ff0f3 100644 --- a/apps/desktop/desktop_native/bitwarden_chromium_import_helper/src/windows.rs +++ b/apps/desktop/desktop_native/bitwarden_chromium_import_helper/src/windows.rs @@ -38,7 +38,7 @@ mod windows_binary { Pipes::GetNamedPipeServerProcessId, Threading::{ OpenProcess, OpenProcessToken, QueryFullProcessImageNameW, PROCESS_NAME_WIN32, - PROCESS_QUERY_INFORMATION, PROCESS_VM_READ, + PROCESS_QUERY_LIMITED_INFORMATION, }, }, UI::Shell::IsUserAnAdmin, @@ -65,7 +65,7 @@ mod windows_binary { const LOG_FILENAME: &str = "c:\\path\\to\\log.txt"; // This is an example filename, replace it with you own // This should be enabled for production - const ENABLE_SERVER_SIGNATURE_VALIDATION: bool = false; + const ENABLE_SERVER_SIGNATURE_VALIDATION: bool = true; const EXPECTED_SERVER_SIGNATURE_SHA256_THUMBPRINT: &str = "9f6680c4720dbf66d1cb8ed6e328f58e42523badc60d138c7a04e63af14ea40d"; @@ -138,8 +138,7 @@ mod windows_binary { dbg_log!("Resolving process executable path for PID {}", pid); // Open the process handle - let hprocess = - unsafe { OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid) }?; + let hprocess = unsafe { OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid) }?; dbg_log!("Opened process handle for PID {}", pid); // Close when no longer needed @@ -332,8 +331,7 @@ mod windows_binary { } fn get_process_handle(pid: u32) -> Result { - let hprocess = - unsafe { OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid) }?; + let hprocess = unsafe { OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid) }?; Ok(hprocess) }
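Review bot: In the `@@ -65,7 +65,7 @@` hunk, `ENABLE_SERVER_SIGNATURE_VALIDATION` remains a hand-edited constant, so the check it gates (by its name, validation of the pipe server's signing certificate against the pinned thumbprint) can be turned off again by a one-word local edit that is easy to commit by accident. The comment above it, `// This should be enabled for production`, no longer matches the code; something like `// Must stay true in release builds: only a server signed with the pinned certificate is trusted` would state what the flag protects. If unsigned development builds need a bypass, deriving the value from the build profile, e.g. `const ENABLE_SERVER_SIGNATURE_VALIDATION: bool = !cfg!(debug_assertions);`, would keep release builds validating without depending on review. A short note next to `EXPECTED_SERVER_SIGNATURE_SHA256_THUMBPRINT` saying it must be updated when the signing certificate is renewed would also help, since validation will presumably fail for every user otherwise.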
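Review bot: The access mask `PROCESS_QUERY_LIMITED_INFORMATION` is now written out at two `OpenProcess` call sites, in the `@@ -138,8 +138,7 @@` hunk and again in `get_process_handle` in the `@@ -332,8 +331,7 @@` hunk, so a later edit can widen one and miss the other. The first site could call the existing helper, `let hprocess = get_process_handle(pid)?;`, assuming both live in the same `windows_binary` module (as the hunk headers suggest) and the error types line up. A comment on the helper would record why the mask is this narrow, e.g. `// Least privilege: query-only rights; presumably all that the image-path and token lookups need, so do not re-add PROCESS_VM_READ`. The function around the first call starts and ends outside the hunk, so whether that handle is later used for anything needing broader rights cannot be confirmed from here.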