windows: mitigate possible escalation of privileges #247

Merged
merged 1 commit into from
Dec 25, 2020
windows: mitigate possible escalation of privileges
Closes: #3201

Reported by @zubrahzz

ref. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28169

In the previous version, NT AUTHORITY\Authenticated Users:(I)(M) is
granted. It means that logged-in users can replace any files under
opt/td-agent/bin. It also allows an attacker to gain administrative
privileges by replacing these files because these files are executed
as a local service with SYSTEM privilege.
kenhys committed Dec 25, 2020
commit 6f9cb6393392d62caa99907c0ebbcbab6b94a3f1
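One way to audit an installed host for the condition the commit message describes, as an added example (not code from this pull request or the td-agent project): it parses `icacls` output and reports principals outside a trusted set that hold write-capable rights. The `C:\opt\td-agent\bin` path, the trusted set and both sample outputs are assumptions constructed for illustration.

```python
import re

# Principals allowed to hold write access: the ones named in the patch's
# Permission entries plus SYSTEM (an assumption of this example).
TRUSTED = {r"BUILTIN\ADMINISTRATORS", r"NT AUTHORITY\SYSTEM",
           r"NT SERVICE\TRUSTEDINSTALLER", "CREATOR OWNER"}
# icacls tokens that describe inheritance only, not rights.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
# icacls rights that allow changing, adding or deleting files, or rewriting the ACL.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "DC", "WDAC", "WO", "GA", "GW"}
ACE_RE = re.compile(r"^(?P<who>.+):(?P<perms>(?:\([^()]+\))+)$")


def writable_by_untrusted(path, icacls_output):
    """Return [(principal, [rights])] for allow ACEs that give write access
    to a principal outside TRUSTED."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # the first line carries the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([^()]+)\)", m.group("perms"))
        if "DENY" in groups:
            continue
        rights = {r for g in groups if g not in INHERIT_FLAGS for r in g.split(",")}
        risky = sorted(rights & WRITE_RIGHTS)
        if risky and m.group("who").upper() not in TRUSTED:
            findings.append((m.group("who"), risky))
    return findings


# Constructed icacls output for illustration, not captured from a real host.
BEFORE = r"""C:\opt\td-agent\bin NT AUTHORITY\Authenticated Users:(I)(M)
                    BUILTIN\Administrators:(I)(F)
                    NT AUTHORITY\SYSTEM:(I)(F)
                    BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files"""
AFTER = r"""C:\opt\td-agent\bin BUILTIN\Users:(I)(RX)
                    BUILTIN\Administrators:(I)(F)
                    NT SERVICE\TrustedInstaller:(I)(F)
                    CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    print(writable_by_untrusted(r"C:\opt\td-agent\bin", BEFORE))
    print(writable_by_untrusted(r"C:\opt\td-agent\bin", AFTER))
```

On a real host, feed the function the text produced by running `icacls` against the install directory and its `bin` subdirectory; an empty result means no principal outside the trusted set can modify the files.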
13 changes: 13 additions & 0 deletions td-agent/msi/source.wxs
Expand Up @@ -27,6 +27,18 @@
<Directory Id="WINDOWSVOLUME">
<Directory Id="OPTLOCATION" Name="opt">
<Directory Id="PROJECTLOCATION" Name="td-agent">
<Component Id="TDAgentAcl" Guid="b0504030-258a-0139-ba33-7085c2f4281d">
<CreateFolder>
<!--
Read/Execute: Builtin Users
All:: Builtin Administrators, Service, System account(by default)
-->
<Permission User="Users" GenericExecute="yes" GenericRead="yes" Traverse="yes"/>
<Permission User="Administrators" GenericAll="yes" Traverse="yes"/>
<Permission User="NT SERVICE\TrustedInstaller" GenericAll="yes" Traverse="yes"/>
<Permission User="CREATOR OWNER" GenericAll="yes" Traverse="yes"/>
</CreateFolder>
</Component>
</Directory>
</Directory>
</Directory>
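Review bot: The comment inside `<CreateFolder>` does not match the `Permission` entries below it: it lists "Builtin Administrators, Service, System account(by default)" for full access, while the entries grant `GenericAll` to `Administrators`, `NT SERVICE\TrustedInstaller` and `CREATOR OWNER`, with no entry for a service account or for SYSTEM. Since the commit message says these files run as a service with SYSTEM privilege, please either add an explicit SYSTEM entry or state in the comment what gives SYSTEM its access, and update the comment to name TrustedInstaller and CREATOR OWNER (the `All::` also has a doubled colon). The ACL is set on the `td-agent` directory while the commit message is about `opt/td-agent/bin`, so it would help to say that the fix relies on inheritance and to confirm on an installed system that `bin` no longer carries the `Authenticated Users:(I)(M)` entry.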
Expand Down Expand Up @@ -87,6 +99,7 @@
<ComponentRef Id="ApplicationShortcut" />
<ComponentRef Id="TDAgentConf" />
<ComponentRef Id="TDAgentBat" />
<ComponentRef Id="TDAgentAcl" />
</Feature>

<!-- UI Stuff -->
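Review bot: Nothing in the change says how upgrades were checked: `<ComponentRef Id="TDAgentAcl" />` wires the new ACL component into the feature, but the hosts at risk are the ones that already have the directory from a previous version with the Authenticated Users entry. Please confirm that installing this package over an affected version resets the ACL on the existing directory, and record the before and after ACLs in the PR description.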