New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DLL Hijack Clean Room Bundle #5724

Closed
robmen opened this Issue Nov 15, 2017 · 0 comments

Comments

Projects
None yet
2 participants
@robmen
Member

robmen commented Nov 15, 2017

  • Which version of WiX are you building with?

WiX v3.10.2 and newer

  • Which version of Visual Studio are you building with (if any)?

N/A

  • Which version of the WiX Toolset Visual Studio Extension are you building with (if any)?

N/A

  • Which version of .NET are you building with?

N/A

  • If the problem occurs when installing your packages built with WiX, what is the version of Windows the package is running on?

(Windows version)

  • Describe the problem and the steps to reproduce it.

Malicious software can monitor the Temp folder and quickly insert a DLL into the clean room folder to DLL hijack the Burn engine there. Thus, if a bundle is launched by the user elevated (such as Right click ->Run as administrator or launched from elevated command-prompt) the hijacking DLL will also be elevated.

  • Describe the behavior you expected and how it differed from the actual behavior.

Elevated bundles in the user context should not be able to be DLL hijacked.

@robmen robmen added this to the v3.14 milestone Nov 15, 2017

@robmen robmen self-assigned this Nov 15, 2017

robmen added a commit to robmen/wix3 that referenced this issue Nov 15, 2017

When elevated place clean room in system Temp folder
To prevent DLL hijacking the clean room process when launched elevated,
the system Temp folder will be used instead of the user's temp folder.
This ensures the user cannot slip malicious DLLs into the clean room.

Fixes wixtoolset/issues#5724

@barnson barnson added bug burn labels Nov 16, 2017

robmen added a commit to wixtoolset/wix3 that referenced this issue Nov 18, 2017

When elevated place clean room in system Temp folder
To prevent DLL hijacking the clean room process when launched elevated,
the system Temp folder will be used instead of the user's temp folder.
This ensures the user cannot slip malicious DLLs into the clean room.

Fixes wixtoolset/issues#5724

robmen added a commit to wixtoolset/wix3 that referenced this issue Nov 18, 2017

When elevated place clean room in system Temp folder
To prevent DLL hijacking the clean room process when launched elevated,
the system Temp folder will be used instead of the user's temp folder.
This ensures the user cannot slip malicious DLLs into the clean room.

Fixes wixtoolset/issues#5724

robmen added a commit to robmen/wix4 that referenced this issue Nov 18, 2017

When elevated place clean room in system Temp folder
To prevent DLL hijacking the clean room process when launched elevated,
the system Temp folder will be used instead of the user's temp folder.
This ensures the user cannot slip malicious DLLs into the clean room.

Fixes wixtoolset/issues#5724
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment