Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime: dll injection vulnerabilities on Windows [1.12 backport] #30666

Open
gopherbot opened this Issue Mar 8, 2019 · 6 comments

Comments

Projects
None yet
5 participants
@gopherbot
Copy link

gopherbot commented Mar 8, 2019

@bradfitz requested issue #30642 to be considered for backport to the next 1.12 minor release.

@gopherbot, please backport to Go 1.12.

@julieqiu

This comment has been minimized.

Copy link

julieqiu commented Mar 12, 2019

@bradfitz - there isn't a reason provided in the gopherbot message. Would you mind providing one for this backport?

@bradfitz

This comment has been minimized.

Copy link
Member

bradfitz commented Mar 12, 2019

Windows security issue. From the title: "dll injection vulnerabilities on Windows"

@julieqiu

This comment has been minimized.

Copy link

julieqiu commented Mar 12, 2019

Thanks! I'll mark this as CherryPickApproved since this is a security issue, per our policy at https://golang.org/wiki/MinorReleases.

@zx2c4

This comment has been minimized.

Copy link
Contributor

zx2c4 commented Mar 19, 2019

This appears to have missed 1.12.1. What's up?

@bradfitz

This comment has been minimized.

Copy link
Member

bradfitz commented Mar 19, 2019

@zx2c4, because we screwed up yet again. Last time we did this I filed #30422 to fix it in our release automation, but nobody's implemented that yet.

/cc @andybons @dmitshur @ianlancetaylor @katiehockman @FiloSottile @julieqiu

@gopherbot

This comment has been minimized.

Copy link
Author

gopherbot commented Mar 19, 2019

Change https://golang.org/cl/168339 mentions this issue: [release-branch.go1.12] runtime: safely load DLLs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.