os: TempDir should use GetTempPath2 when available on Windows #56899

Open
qmuntal opened this issue Nov 22, 2022 · 4 comments
qmuntal (Contributor) commented Nov 22, 2022

Proposal

os.TempDir should use GetTempPath2 when available.

This new API is a security hardening that ensures temporary files owned by SYSTEM processes are not reachable by non-SYSTEM processes.

Background

Windows 11 introduced a new API to retrieve the path of the directory designated for temporary files, GetTempPath2.

When calling this function from a process running as SYSTEM it will return the path C:\Windows\SystemTemp, which is inaccessible to non-SYSTEM processes. For non-SYSTEM processes, GetTempPath2 will behave the same as GetTempPath.

The GetTempPath docs added this recommendation:

Apps should call GetTempPath2 instead of GetTempPath.

Go would not be a first mover here; a bunch of other frameworks and languages are already using this new API: dotnet/runtime#72452, rust-lang/rust#89999, microsoft/STL#2302, and microsoft/react-native-windows@b5c3df5.

There is one theoretical backwards compatibility break if we make this change: communication via temporary files between SYSTEM and non-SYSTEM processes would no longer work. This scenario is niche enough to justify breaking it in favor of a security improvement for the 99,99%. The workaround would be to call syscall.GetTempPath instead of os.TempDir.

@golang/windows

@gopherbot gopherbot added this to the Proposal milestone Nov 22, 2022
@qmuntal qmuntal changed the title proposal: os: use GetTempPath2 when available on Windows proposal: os: TempDir should GetTempPath2 when available on Windows Nov 22, 2022
@qmuntal qmuntal changed the title proposal: os: TempDir should GetTempPath2 when available on Windows proposal: os: TempDir should use GetTempPath2 when available on Windows Nov 22, 2022
bcmills (Member) commented Nov 22, 2022

This new API is a security hardening that ensures temporary files owned by SYSTEM processes are not reachable by non-SYSTEM processes.

(CC @golang/security)

rolandshoemaker (Member) commented Nov 22, 2022

Seems like the right thing to do.

alexbrainman (Member) commented Nov 22, 2022

I agree that we should do this.

Thank you.

Alex

rsc (Contributor) commented Nov 30, 2022

No change in consensus, so accepted. 🎉
This issue now tracks the work of implementing the proposal.
— rsc for the proposal review group

@rsc rsc changed the title proposal: os: TempDir should use GetTempPath2 when available on Windows os: TempDir should use GetTempPath2 when available on Windows Nov 30, 2022
@rsc rsc modified the milestones: Proposal, Backlog Nov 30, 2022
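
The "use GetTempPath2 when available" selection from the proposal, as an added example that is not code from the Go project or from this thread. It is a portable simulation: `tempPathFunc` and `fakeAPI` are hypothetical names, the function values stand in for the kernel32 procedures (nil meaning the export was not found), and the `C:\Windows\Temp\` path is a constructed sample.

```go
package main

import (
	"fmt"
	"unicode/utf16"
)

// tempPathFunc has the GetTempPath/GetTempPath2 contract: fill buf with a
// UTF-16 path and return its length, or the required size if buf is too small.
type tempPathFunc func(buf []uint16) uint32

// tempDir prefers getTempPath2; a nil value means kernel32 does not export
// it (older Windows), so the call falls back to getTempPath.
func tempDir(getTempPath2, getTempPath tempPathFunc) string {
	if getTempPath2 == nil {
		getTempPath2 = getTempPath
	}
	n := uint32(8) // deliberately small first guess so the retry path runs
	for {
		buf := make([]uint16, n)
		n = getTempPath2(buf) // 0 signals API failure and yields ""
		if n > uint32(len(buf)) {
			continue // too small: n is now the required size
		}
		// Trim the trailing backslash, but keep a drive root such as `C:\`.
		if n > 3 && buf[n-1] == '\\' {
			n--
		}
		return string(utf16.Decode(buf[:n]))
	}
}

// fakeAPI is a constructed stand-in for a kernel32 procedure returning path.
func fakeAPI(path string) tempPathFunc {
	p := utf16.Encode([]rune(path))
	return func(buf []uint16) uint32 {
		if len(buf) < len(p)+1 { // +1 for the terminating NUL
			return uint32(len(p) + 1)
		}
		copy(buf, p)
		return uint32(len(p))
	}
}

func main() {
	fmt.Println(tempDir(fakeAPI(`C:\Windows\SystemTemp\`), fakeAPI(`C:\Windows\Temp\`)))
	fmt.Println(tempDir(nil, fakeAPI(`C:\Windows\Temp\`))) // GetTempPath2 not exported
}
```
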
Status: Accepted