Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upwindows/certificates: Improve table completeness for Personal certificates for system accounts #5696
Conversation
When proactively searching disk for personal certificates, there is no need to filter system accounts (SYSTEM, Local Service, etc) anymore because `findUserPersonalCertsOnDisk` is now capable of handling those accounts by dynamically finding a user's home dir (as rather than constructing a hard coded path). This now makes the table even more complete; any certificates found in the system accounts directories will always be found. Previously they could be found but only if there was a store location other than the `Users` store location that had a system store string that looked like `S-1-5-18\My` or `.DEFAULT\My`.
|
|
alessandrogario
merged commit 59a68ad
into
osquery:master
13 checks passed
13 checks passed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Small follow up to #5640.
When proactively searching disk for personal certificates, there is no
need to filter system accounts (SYSTEM, Local Service, etc) anymore
because
findUserPersonalCertsOnDiskis now capable of handling thoseaccounts by dynamically finding a user's home dir (rather than by
constructing a hard coded path).
This now makes the table even more complete; any certificates found in
the system accounts directories will always be found. Previously they
could be found but only if there was a store location other than the
Usersstore location that had a system store string that looked likeS-1-5-18\Myor.DEFAULT\My.This is what it looked like previously. This is on a system where there are no store locations other than Users that have a system store string like the above two. However, there is a certificate installed into the Local System certificate directory.
This is with the PR.
