author: Jason A. Donenfeld <Jason@zx2c4.com> 2020-11-23 17:28:25 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2020-11-23 17:40:25 +0100
commit: 2e011f5fc8569952036e53265936644eb240cfe5 (patch)
tree: 57fa3ae088fb0b1bc0d612da8f0f33f2991b4190
parent: version: bump (diff)
download: wireguard-windows-2e011f5fc8569952036e53265936644eb240cfe5.tar.xz, wireguard-windows-2e011f5fc8569952036e53265936644eb240cfe5.zip
docs: trim double backtick and header level
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- docs/adminregistry.md 2
-rw-r--r-- docs/attacksurface.md 2
2 files changed, 2 insertions, 2 deletions
diff --git a/docs/adminregistry.md b/docs/adminregistry.md
index 384ad22c..f7d04409 100644
--- a/docs/adminregistry.md
+++ b/docs/adminregistry.md
@@ -1,4 +1,4 @@
-## Registry Keys for Admins
+# Registry Keys for Admins
These are advanced configuration knobs that admins can set to do unusual things
that are not recommended. There is no UI to enable these, and no such thing is
diff --git a/docs/attacksurface.md b/docs/attacksurface.md
index 5a3d4d36..6dca229f 100644
--- a/docs/attacksurface.md
+++ b/docs/attacksurface.md
@@ -32,7 +32,7 @@ The manager service is a userspace service running as Local System, responsible
- It manages DPAPI-encrypted configuration files in `C:\Program Files\WireGuard\Data`, which is created with `O:SYG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)`, and makes some effort to enforce good configuration filenames.
- The actual DPAPI-encrypted configuration files are created with `O:SYG:SYD:PAI(A;;FA;;;SY)(A;;SD;;;BA)`.
- It uses `WTSEnumerateSessions` and `WTSSESSION_NOTIFICATION` to walk through each available session. It then uses `WTSQueryUserToken` to get the token belonging to each session and then determines whether or not it is an administrator token. To determine that, it calls `CheckTokenMembership(CreateWellKnownSid(WinBuiltinAdministratorsSid))` on a duplicated impersonation token, as well as and calling `GetTokenInformation(TokenElevation)` on it. If either of these are false, then it fetched the linked token using `GetTokenInformation(TokenLinkedToken)` and queries the same. Only then does it spawn the UI process as that the elevated user token, passing it three unnamed pipe handles for IPC and the log mapping handle, as described above.
- - In the event that the administrator has set `HKLM\Software\WireGuard\LimitedOperatorUI` to 1, sessions are started for users that are a member of group S-1-5-32-556 (determined sing ``CheckTokenMembership(CreateWellKnownSid(WinBuiltinNetworkConfigurationOperatorsSid))` on it and its linked token), with a more limited IPC interface, in which these non-admin users are denied private keys and tunnel editing rights. (This means users can potentially DoS the IPC server by draining notifications too slowly, or exhausting memory of the manager by spawning too many watcher go routines, or by sending garbage data that Go's `gob` decoder isn't expecting.)
+ - In the event that the administrator has set `HKLM\Software\WireGuard\LimitedOperatorUI` to 1, sessions are started for users that are a member of group S-1-5-32-556 (determined sing `CheckTokenMembership(CreateWellKnownSid(WinBuiltinNetworkConfigurationOperatorsSid))` on it and its linked token), with a more limited IPC interface, in which these non-admin users are denied private keys and tunnel editing rights. (This means users can potentially DoS the IPC server by draining notifications too slowly, or exhausting memory of the manager by spawning too many watcher go routines, or by sending garbage data that Go's `gob` decoder isn't expecting.)
### UI
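Review bot: the changed line still carries a typo that this docs pass should fold in: "(determined sing `CheckTokenMembership(...)`" should read "determined using". Since the commit already touches that line to drop the stray second backtick, fixing the word in the same hunk avoids a follow-up commit. The unchanged context line above it has the same kind of slips worth cleaning while here: "as well as and calling `GetTokenInformation(TokenElevation)`" (drop "and"), "then it fetched the linked token" (should be "fetches", to match the surrounding present tense), and "spawn the UI process as that the elevated user token" (drop "that"); "watcher go routines" on the changed line is conventionally written "goroutines".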