-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
os: windows processes started with foreign token inherit the wrong environment [CVE-2019-11888] [1.12 backport] #32081
Comments
Standard way to to this is to write:
in the main issue. |
This comment has been minimized.
This comment has been minimized.
Ops, it did it even if it was in a quote block... fixing this. |
Closed this one, wrote the magic words in the other one. |
Welp, I guess we've confused gopherbot now. Probably add "CherryPickCandidate" or something manually? |
Change https://golang.org/cl/177538 mentions this issue: |
Done. I hope we didn't confuse him too much. Well, the backport issue here is correctly labelled and it's in the right milestone, so it should be fine. Let's keep an eye on this issue in any case. |
…ndows processes This is CVE-2019-11888. Previously, passing a nil environment but a non-nil token would result in the new potentially unprivileged process inheriting the parent potentially privileged environment, or would result in the new potentially privileged process inheriting the parent potentially unprivileged environment. Either way, it's bad. In the former case, it's an infoleak. In the latter case, it's a possible EoP, since things like PATH could be overwritten. Not specifying an environment currently means, "use the existing environment". This commit amends the behavior to be, "use the existing environment of the token the process is being created for." The behavior therefore stays the same when creating processes without specifying a token. And it does the correct thing when creating processes when specifying a token. Updates #32000 Fixes #32081 Change-Id: Ib4a90cfffb6ba866c855f66f1313372fdd34ce41 Reviewed-on: https://go-review.googlesource.com/c/go/+/177538 Run-TryBot: Jason Donenfeld <Jason@zx2c4.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
Looks like this was merged and it did not get closed. |
We should probably backport #32000. IIRC, I'm supposed to open an issue for it.
The text was updated successfully, but these errors were encountered: