Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing signatures [Windows] #602

Open
nluck opened this issue Jun 26, 2019 · 5 comments

Comments

Projects
None yet
2 participants
@nluck
Copy link

commented Jun 26, 2019

On Windows, most files containing executable code (DLLs) have not been signed at all, and some only by the original vendor (not StandardNotes). Also, while the original installer is signed, the built-in updater is directly calling on executable code files which have not been signed.

This means it is currently not possible to use StandardNotes in environments using signature-based code integrity enforcement.

@mobitar

This comment has been minimized.

Copy link
Member

commented Jun 26, 2019

Can you post specifics? As far as I know the entire package should be signed.

@nluck

This comment has been minimized.

Copy link
Author

commented Jun 26, 2019

Hey, thank your for your response!

There's two points where signatures are missing:

  1. Certain third-party files containing executable code (in this case: DLLs) are not signed. For example: ffmpeg.dll, node.dll, among others.
  2. The installer/updater uses an "external" file containing executable code (nsis7z.dll) stored in an external folder (AppData/Local/Temp/), probably to decompress files.

Both open the user up to the risk of DLL hijacking, especially because the installation directory from where the executable code is sourced is user-writable. Security solutions which use digital signatures to validate or restrict executed code don't rely on the primary executable file (in this case: Standard Notes.exe), but also check dynamically loaded code from other files for valid signatures.

@mobitar

This comment has been minimized.

Copy link
Member

commented Jun 26, 2019

We use electron-builder to manage executable signing. It's possible however that we're running an older version, and that there are improvements to this area in new releases. Will have to check recent discussions on that repo.

@nluck

This comment has been minimized.

Copy link
Author

commented Jun 26, 2019

Ah, it seems you are using an older version of electron-builder which does not support the (optional) DLL signing feature.

Newer releases do support that feature using the signDlls switch, see here.

@mobitar

This comment has been minimized.

Copy link
Member

commented Jun 28, 2019

Nice, glad to see that's implemented. Will hopefully enable this when we update electron-builder.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.