Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

syscall: modest improvement to Windows DLL-preloading protection #29335

Open
jazzy-crane opened this issue Dec 19, 2018 · 2 comments
Open

syscall: modest improvement to Windows DLL-preloading protection #29335

jazzy-crane opened this issue Dec 19, 2018 · 2 comments
Labels
NeedsDecision OS-Windows Security
Milestone
Backlog

Comments

@jazzy-crane
Copy link

@jazzy-crane jazzy-crane commented Dec 19, 2018

What version of Go are you using (go version)?

go version go1.11 windows/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

go env Output
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Alex\AppData\Local\go-build
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOOS=windows
set GOPATH=C:\MyGo
set GOPROXY=
set GORACE=
set GOROOT=C:\Go
set GOTMPDIR=
set GOTOOLDIR=C:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-LC:/winsdklibs64
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fmessage-length=0 -fdebug-prefix-map=C:\Users\Alex\AppData\Local\Temp\go-build831000242=/tmp/go-build -gno-record-gcc-switches

What did you do?

I'm looking into protecting my project from DLL-preloading attacks. Many of the vendored libraries I use use the syscall/windows LoadDLL call rather than the safer x/sys/windows LazySystemDLL method.

I note that syscall/windows LoadDLL has some limited protection for a preset list of system DLLs via sysdll.IsSystemDLL . However this is case-sensitive, when LoadLibrary etc. are case insensitive. Therefore:

windows.LoadDLL("advapi32.dll") is protected but windows.LoadDLL("Advapi32.dll") is not

A simple tweak would be to string.ToUpper in sysdll.Add and string.ToUpper in the check in LoadDLL
@ALTree ALTree changed the title Modest improvement to Windows DLL-preloading protection syscall: modest improvement to Windows DLL-preloading protection Dec 19, 2018
@ALTree ALTree added OS-Windows NeedsDecision labels Dec 19, 2018
@ALTree ALTree added this to the Go1.13 milestone Dec 19, 2018
@as
Copy link
Contributor

@as as commented Dec 20, 2018

Is there any advantage to using ToUpper instead of the more-ubiqutous output of ToLower?

@andybons andybons removed this from the Go1.13 milestone Jul 8, 2019
@andybons andybons added this to the Go1.14 milestone Jul 8, 2019
@rsc rsc removed this from the Go1.14 milestone Oct 9, 2019
@rsc rsc added this to the Backlog milestone Oct 9, 2019
@jazzy-crane
Copy link
Author

@jazzy-crane jazzy-crane commented Nov 6, 2019

No advantage, just looking for a case insensitive comparison. I think strings.EqualFold does the same thing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsDecision OS-Windows Security
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
6 participants
@bradfitz @rsc @andybons @ALTree @as @jazzy-crane