x/build/release: Windows installation has misconfigured ACL: privilege escalation possible between users #35575
The Golang msi installer in Windows install by default Go in C:\Go location.
PS C:\Go> icacls . BUILTIN\Administrators:(I)(OI)(CI)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) BUILTIN\Users:(I)(OI)(CI)(RX) NT AUTHORITY\Authenticated Users:(I)(M) NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
This means that in a shared Windows environment, is it possible to exploit this insecure ACL to replace/backdoor go.exe binaries, dll and so on.
Scenario Local Privilege Escalation
A Standard User backdoor go.exe, waits for an Administrator to log in and run "go ..." or another component under C:\Go to successfully execute code under the latter elevated context.
Scenario Horizontal Privilege Escalation
A Standard User can backdoor/replace any component under C:\Go and wait for another Standard User to login and run Golang environment to achieve code execution in the context of the target user.
What version of Go are you using (
The text was updated successfully, but these errors were encountered: