diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-15 13:03:16 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-15 13:04:10 +0200 |
commit | a29975c3da64e04693bfe620aae47c22eafa069f (patch) | |
tree | 4ee114995fcf5989ea5d494ae8e276e52ba668c3 | |
parent | service: move WTS upstream (diff) | |
download | wireguard-windows-a29975c3da64e04693bfe620aae47c22eafa069f.tar.xz wireguard-windows-a29975c3da64e04693bfe620aae47c22eafa069f.zip |
ui: drop permissions
Diffstat (limited to '')
-rw-r--r-- | attacksurface.md | 1 | ||||
-rw-r--r-- | main.go | 4 | ||||
-rw-r--r-- | service/service_tunnel.go | 2 | ||||
-rw-r--r-- | service/tokens.go | 2 |
4 files changed, 7 insertions, 2 deletions
diff --git a/attacksurface.md b/attacksurface.md index f843cc75..f2b56d08 100644 --- a/attacksurface.md +++ b/attacksurface.md @@ -36,6 +36,7 @@ The manager service is a userspace service running as Local System, responsible The UI is a process running for each user who is in the Administrators group (per the above), running with the elevated high integrity linked token. It exposes: - Since the UI process is executed with an elevated token, it runs at high integrity and should be immune to various shatter attacks, modulo the great variety of clever bypasses in the latest Windows release. + - It uses `AdjustTokenPrivileges` to remove all privileges. - It renders highlighted config files to a msftedit.dll control, which typically is capable of all sorts of OLE and RTF nastiness that we make some attempt to avoid. ### Updates @@ -171,6 +171,10 @@ func main() { if len(os.Args) != 6 { usage() } + err := service.DropAllPrivileges() + if err != nil { + fatal(err) + } readPipe, err := pipeFromHandleArgument(os.Args[2]) if err != nil { fatal(err) diff --git a/service/service_tunnel.go b/service/service_tunnel.go index 3c09ed77..be1eff69 100644 --- a/service/service_tunnel.go +++ b/service/service_tunnel.go @@ -151,7 +151,7 @@ func (service *tunnelService) Execute(args []string, r <-chan svc.ChangeRequest, } logger.Info.Println("Dropping all privileges") - err = dropAllPrivileges() + err = DropAllPrivileges() if err != nil { serviceError = ErrorDropPrivileges return diff --git a/service/tokens.go b/service/tokens.go index dba4cd62..f203f268 100644 --- a/service/tokens.go +++ b/service/tokens.go @@ -61,7 +61,7 @@ func TokenIsMemberOfBuiltInAdministrator(token windows.Token) bool { return isAdmin } -func dropAllPrivileges() error { +func DropAllPrivileges() error { processHandle, err := windows.GetCurrentProcess() if err != nil { return err |