syscall: modest improvement to Windows DLL-preloading protection #29335

Open
jazzy-crane opened this Issue Dec 19, 2018 · 1 comment


jazzy-crane commented Dec 19, 2018

What version of Go are you using (go version)?

go version go1.11 windows/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

go env Output
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Alex\AppData\Local\go-build
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOOS=windows
set GOPATH=C:\MyGo
set GOPROXY=
set GORACE=
set GOROOT=C:\Go
set GOTMPDIR=
set GOTOOLDIR=C:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-LC:/winsdklibs64
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fmessage-length=0 -fdebug-prefix-map=C:\Users\Alex\AppData\Local\Temp\go-build831000242=/tmp/go-build -gno-record-gcc-switches

What did you do?

I'm looking into protecting my project from DLL-preloading attacks. Many of the vendored libraries I use use the syscall/windows LoadDLL call rather than the safer x/sys/windows LazySystemDLL method.

I note that syscall/windows LoadDLL has some limited protection for a preset list of system DLLs via sysdll.IsSystemDLL. However this is case-sensitive, when LoadLibrary etc. are case insensitive. Therefore:

windows.LoadDLL("advapi32.dll") is protected but windows.LoadDLL("Advapi32.dll") is not

A simple tweak would be to string.ToUpper in sysdll.Add and string.ToUpper in the check in LoadDLL
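
The mismatch reported above, as an added example that is not part of the original issue and is not the Go standard library's code: a small model of a system-DLL allow-list consulted before loading, first with exact-match keys and then with keys normalized by strings.ToUpper on both insert and lookup. The names registry, searchPolicy, exact and unprotected are hypothetical, and the requested names are constructed sample input.

```go
package main

import (
	"fmt"
	"strings"
)

// registry models a set of DLL names that must only be loaded from the
// system directory (a stand-in for the lookup discussed in the issue).
type registry struct {
	names     map[string]bool
	normalize func(string) string // applied on insert and on lookup
}

func newRegistry(normalize func(string) string, dlls ...string) *registry {
	r := &registry{names: map[string]bool{}, normalize: normalize}
	for _, d := range dlls {
		r.names[normalize(d)] = true
	}
	return r
}

// searchPolicy reports how a loader consulting the registry would resolve
// name: pinned to the system directory, or left to the default search order.
func (r *registry) searchPolicy(name string) string {
	if r.names[r.normalize(name)] {
		return "system-directory-only"
	}
	return "default-search-order"
}

// exact keeps the key as written, i.e. a case-sensitive lookup.
func exact(s string) string { return s }

// unprotected returns the requested names that miss the registry.
func unprotected(r *registry, requested []string) []string {
	var out []string
	for _, n := range requested {
		if r.searchPolicy(n) == "default-search-order" {
			out = append(out, n)
		}
	}
	return out
}

func main() {
	// Constructed sample: three spellings of one system DLL plus a non-system DLL.
	requested := []string{"advapi32.dll", "Advapi32.dll", "ADVAPI32.DLL", "vendor.dll"}
	fmt.Println("exact:  ", unprotected(newRegistry(exact, "advapi32.dll"), requested))
	fmt.Println("ToUpper:", unprotected(newRegistry(strings.ToUpper, "advapi32.dll"), requested))
}
```

The same unprotected helper can be run over the DLL name literals found in vendored code to list which spellings would miss a case-sensitive check.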

@ALTree ALTree changed the title Modest improvement to Windows DLL-preloading protection syscall: modest improvement to Windows DLL-preloading protection Dec 19, 2018

@ALTree ALTree added this to the Go1.13 milestone Dec 19, 2018

@bradfitz bradfitz added the Security label Dec 19, 2018


as commented Dec 20, 2018

Is there any advantage to using ToUpper instead of the more-ubiquitous output of ToLower?
