From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pedro Pontes <pepontes@microsoft.com>
Date: Mon, 25 Sep 2023 14:50:19 -0700
Subject: Only enable Node inspector if a specific reg value is present.
Electron will not pass the debug CLI arguments to Node unless
a specific HKLM\\[reg-key]\InspectorAllowed is found in the 64-bit
view of the registry (even for 32-bit apps). The reg-key is specified
as a build flag.
This prevents attacks where the Electron App is started with the
Node inspector enabled to achieve main process RCE via the debugger.
diff --git a/shell/common/node_bindings.cc b/shell/common/node_bindings.cc
index 02b9af097ef0c36259cd3fc7d47d5ebd86b0a205..2a0fd48cc994d9dc370ecd644747b26d289ec4ab 100644
--- a/shell/common/node_bindings.cc
+++ b/shell/common/node_bindings.cc
@@ -8,7 +8,6 @@
#include <memory>
#include <set>
#include <string>
-#include <unordered_set>
#include <utility>
#include <vector>
@@ -205,21 +204,6 @@ void ErrorMessageListener(v8::Local<v8::Message> message,
}
}
-const std::unordered_set<base::StringPiece, base::StringPieceHash>
-GetAllowedDebugOptions() {
- if (electron::fuses::IsNodeCliInspectEnabled()) {
- // Only allow DebugOptions in non-ELECTRON_RUN_AS_NODE mode
- return {
- "--inspect", "--inspect-brk",
- "--inspect-port", "--debug",
- "--debug-brk", "--debug-port",
- "--inspect-brk-node", "--inspect-publish-uid",
- };
- }
- // If node CLI inspect support is disabled, allow no debug options.
- return {};
-}
-
// Initialize NODE_OPTIONS to pass to Node.js
// See https://nodejs.org/api/cli.html#cli_node_options_options
void SetNodeOptions(base::Environment* env) {
@@ -635,6 +619,21 @@ void NodeBindings::RunMessageLoop() {
UvRunOnce();
}
+const std::unordered_set<base::StringPiece, base::StringPieceHash>
+NodeBindings::GetAllowedDebugOptions() {
+ if (electron::fuses::IsNodeCliInspectEnabled()) {
+ // Only allow DebugOptions in non-ELECTRON_RUN_AS_NODE mode
+ return {
+ "--inspect", "--inspect-brk",
+ "--inspect-port", "--debug",
+ "--debug-brk", "--debug-port",
+ "--inspect-brk-node", "--inspect-publish-uid",
+ };
+ }
+ // If node CLI inspect support is disabled, allow no debug options.
+ return {};
+}
+
void NodeBindings::UvRunOnce() {
node::Environment* env = uv_env();
diff --git a/shell/common/node_bindings.h b/shell/common/node_bindings.h
index d0627bb4ec372cd386a106b1bcba74e111d836e1..96795d03b4d47fa434fce847f2ececfdcd4969d5 100644
--- a/shell/common/node_bindings.h
+++ b/shell/common/node_bindings.h
@@ -6,6 +6,7 @@
#define ELECTRON_SHELL_COMMON_NODE_BINDINGS_H_
#include <type_traits>
+#include <unordered_set>
#include "base/files/file_path.h"
#include "base/memory/weak_ptr.h"
@@ -123,6 +124,9 @@ class NodeBindings {
protected:
explicit NodeBindings(BrowserEnvironment browser_env);
+ virtual const std::unordered_set<base::StringPiece, base::StringPieceHash>
+ GetAllowedDebugOptions();
+
// Called to poll events in new thread.
virtual void PollEvents() = 0;
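Review bot: The new virtual `GetAllowedDebugOptions()` declaration carries no comment, although it is now the extension point that decides which inspector flags are forwarded to Node. A short contract comment would help the next platform port, for example `// Returns the debug CLI options that may be passed to Node. Overrides may only narrow the base set, never add to it.` The call site is not in this hunk, so it is worth confirming that the method is never reached from the NodeBindings constructor, where the subclass override would not be dispatched and the registry gate would be skipped.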
diff --git a/shell/common/node_bindings_win.cc b/shell/common/node_bindings_win.cc
index 1410925f195c569cd4a19a0836a6f62156c888f8..0517db8d200cc1b259b2a5e4dc86dbaaed201a90 100644
--- a/shell/common/node_bindings_win.cc
+++ b/shell/common/node_bindings_win.cc
@@ -8,6 +8,7 @@
#include "base/logging.h"
#include "base/system/sys_info.h"
+#include "base/win/registry.h"
namespace electron {
@@ -68,6 +69,24 @@ void NodeBindingsWin::PollEvents() {
PostQueuedCompletionStatus(uv_loop_->iocp, bytes, key, overlapped);
}
+#if BUILDFLAG(MICROSOFT_ENABLE_NODE_INSPECTOR_ONLY_IF_REGKEY_PRESENT)
+const std::unordered_set<base::StringPiece, base::StringPieceHash>
+NodeBindingsWin::GetAllowedDebugOptions() {
+ const auto* teams_key = BUILDFLAG(MICROSOFT_NODE_INSPECTOR_REGKEY);
+ // Always use the 64-bit registry view, even from a 32-bit app.
+ const auto regAccess = KEY_QUERY_VALUE | KEY_WOW64_64KEY;
+ const base::win::RegKey teamsRegKey{HKEY_LOCAL_MACHINE, teams_key, regAccess};
+ const auto* node_inspector_value = L"InspectorAllowed";
+ if (teamsRegKey.Valid() && teamsRegKey.HasValue(node_inspector_value)) {
+ // Only if the Node inspector value is present in the Teams key
+ // is that the app potentially allows the debug options.
+ return NodeBindings::GetAllowedDebugOptions();
+ }
+
+ return {};
+}
+#endif
+
// static
NodeBindings* NodeBindings::Create(BrowserEnvironment browser_env) {
return new NodeBindingsWin(browser_env);
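Review bot: The gate `teamsRegKey.HasValue(node_inspector_value)` checks only that `InspectorAllowed` exists, so a value of any type or data, including a DWORD of 0, still enables the debug options. If presence-only is the intended contract, as the commit message suggests, state that in the comment above the `if`; otherwise read the data, e.g. `DWORD allowed = 0;` followed by `teamsRegKey.ReadValueDW(node_inspector_value, &allowed) == ERROR_SUCCESS && allowed != 0`. The protection also rests on the key named by `MICROSOFT_NODE_INSPECTOR_REGKEY` being writable only by administrators, which this hunk cannot show and which deserves a note next to the build flag definition. The `NodeBindings::Create` body at the end of the hunk continues outside it.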
diff --git a/shell/common/node_bindings_win.h b/shell/common/node_bindings_win.h
index 59d7469b0ff756f5ad3e0aae6766987f3b7b62c0..9cf6f981ae63fcb8e7aa8469e567d3b6c54b0d60 100644
--- a/shell/common/node_bindings_win.h
+++ b/shell/common/node_bindings_win.h
@@ -5,7 +5,10 @@
#ifndef ELECTRON_SHELL_COMMON_NODE_BINDINGS_WIN_H_
#define ELECTRON_SHELL_COMMON_NODE_BINDINGS_WIN_H_
+#include <unordered_set>
+
#include "base/compiler_specific.h"
+#include "microsoft/buildflags/buildflags.h"
#include "shell/common/node_bindings.h"
namespace electron {
@@ -18,6 +21,12 @@ class NodeBindingsWin : public NodeBindings {
void PrepareMessageLoop() override;
void RunMessageLoop() override;
+ protected:
+#if BUILDFLAG(MICROSOFT_ENABLE_NODE_INSPECTOR_ONLY_IF_REGKEY_PRESENT)
+ const std::unordered_set<base::StringPiece, base::StringPieceHash>
+ GetAllowedDebugOptions() override;
+#endif
+
private:
void PollEvents() override;