author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-14 17:00:10 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-14 17:10:50 +0200
commit: bfdb3aa855de75d91c5d191ef116c651feb0fcfc
tree: a3050b6130f1eef70baccfe7305a7a7884c4e153 /attacksurface.md
parent: service: drop all privileges for tunnel service
service: clean up token mangling
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'attacksurface.md')
1 files changed, 1 insertions, 1 deletions
diff --git a/attacksurface.md b/attacksurface.md
index 9b58339e..d9b32f5a 100644
--- a/attacksurface.md
+++ b/attacksurface.md
@@ -19,7 +19,7 @@ The tunnel service is a userspace service running as Local System, responsible f
- A listening pipe in `\\.\pipe\WireGuard\%s`, where `%s` is some basename of an already valid filename. Its permissions are set to `O:SYD:(A;;GA;;;SY)`, which presumably means only the "Local System" user can access it and do things, but it might be worth double checking that. This pipe gives access to private keys and allows for reconfiguration of the interface, as well as rebinding to different ports (below 1024, even).
- It handles data from its two UDP sockets, accessible to the public Internet.
- It handles data from Wintun, accessible to all users who can do anything with the network stack.
- - It does not yet drop privileges.
+ - After some initial setup, it uses `AdjustTokenPrivileges` to remove all privileges.
### Manager Service
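Review bot: "After some initial setup" on the added line is too vague for an attack-surface document. Name what the service does before the `AdjustTokenPrivileges` call, and say whether the pipe, the two UDP sockets and the Wintun data path listed above are already open at that point, since anything handled before the drop still runs with the full privilege set. It would also help to state that the service keeps running as Local System afterwards: removing privileges from the token does not change the token's user, so access granted by SID, such as the pipe's `O:SYD:(A;;GA;;;SY)` descriptor, is unaffected by this change.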