diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-13 03:10:00 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-22 22:00:32 +0100 |
commit | 1c7606cea18e908cf76201ce1534b0afdc04cc89 (patch) | |
tree | 56c591b462989278a9bc89fafe927d7347122db5 /ui/tunnelspage.go | |
parent | tunnel: only enable DNS blocking for 0/0 configs (diff) | |
download | wireguard-windows-1c7606cea18e908cf76201ce1534b0afdc04cc89.tar.xz wireguard-windows-1c7606cea18e908cf76201ce1534b0afdc04cc89.zip |
manager: allow S-1-5-32-556 users to launch a limited UI
I still have serious security reservations about this, both conceptually
-- should users be allowed to do this stuff? -- and pratically -- there
are issues with this implementation that need some examination.
TODO:
- Is that registry key a secure path? Should we double check it?
- Are we leaking handles to the unpriv'd process from the manager? Audit
this too.
- IPC notifications are blocking. Should we move this to a go routine to
mitigate DoS potential?
- Is GOB deserialization secure? Can an NCO user crash or RCE the
manager?
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rw-r--r-- | ui/tunnelspage.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ui/tunnelspage.go b/ui/tunnelspage.go index 791007cf..e59e8166 100644 --- a/ui/tunnelspage.go +++ b/ui/tunnelspage.go @@ -76,6 +76,7 @@ func NewTunnelsPage() (*TunnelsPage, error) { tp.fillerContainer.SetLayout(hlayout) tp.fillerButton, _ = walk.NewPushButton(tp.fillerContainer) tp.fillerButton.SetMinMaxSize(walk.Size{200, 0}, walk.Size{200, 0}) + tp.fillerButton.SetVisible(IsAdmin) tp.fillerButton.Clicked().Attach(func() { if tp.fillerHandler != nil { tp.fillerHandler() @@ -105,6 +106,7 @@ func NewTunnelsPage() (*TunnelsPage, error) { }) editTunnel.SetText(l18n.Sprintf("&Edit")) editTunnel.Clicked().Attach(tp.onEditTunnel) + editTunnel.SetVisible(IsAdmin) disposables.Spare() @@ -133,6 +135,7 @@ func (tp *TunnelsPage) CreateToolbar() error { hlayout := walk.NewHBoxLayout() hlayout.SetMargins(walk.Margins{}) toolBarContainer.SetLayout(hlayout) + toolBarContainer.SetVisible(IsAdmin) if tp.listToolbar, err = walk.NewToolBarWithOrientationAndButtonStyle(toolBarContainer, walk.Horizontal, walk.ToolBarButtonImageBeforeText); err != nil { return err @@ -206,34 +209,40 @@ func (tp *TunnelsPage) CreateToolbar() error { importAction2.SetText(l18n.Sprintf("&Import tunnel(s) from file…")) importAction2.SetShortcut(walk.Shortcut{walk.ModControl, walk.KeyO}) importAction2.Triggered().Attach(tp.onImport) + importAction2.SetVisible(IsAdmin) contextMenu.Actions().Add(importAction2) tp.ShortcutActions().Add(importAction2) addAction2 := walk.NewAction() addAction2.SetText(l18n.Sprintf("Add &empty tunnel…")) addAction2.SetShortcut(walk.Shortcut{walk.ModControl, walk.KeyN}) addAction2.Triggered().Attach(tp.onAddTunnel) + addAction2.SetVisible(IsAdmin) contextMenu.Actions().Add(addAction2) tp.ShortcutActions().Add(addAction2) exportAction2 := walk.NewAction() exportAction2.SetText(l18n.Sprintf("Export all tunnels to &zip…")) exportAction2.Triggered().Attach(tp.onExportTunnels) + exportAction2.SetVisible(IsAdmin) contextMenu.Actions().Add(exportAction2) contextMenu.Actions().Add(walk.NewSeparatorAction()) editAction := walk.NewAction() editAction.SetText(l18n.Sprintf("Edit &selected tunnel…")) editAction.SetShortcut(walk.Shortcut{walk.ModControl, walk.KeyE}) + editAction.SetVisible(IsAdmin) editAction.Triggered().Attach(tp.onEditTunnel) contextMenu.Actions().Add(editAction) tp.ShortcutActions().Add(editAction) deleteAction2 := walk.NewAction() deleteAction2.SetText(l18n.Sprintf("&Remove selected tunnel(s)")) deleteAction2.SetShortcut(walk.Shortcut{0, walk.KeyDelete}) + deleteAction2.SetVisible(IsAdmin) deleteAction2.Triggered().Attach(tp.onDelete) contextMenu.Actions().Add(deleteAction2) tp.listView.ShortcutActions().Add(deleteAction2) selectAllAction := walk.NewAction() selectAllAction.SetText(l18n.Sprintf("Select &all")) selectAllAction.SetShortcut(walk.Shortcut{walk.ModControl, walk.KeyA}) + selectAllAction.SetVisible(IsAdmin) selectAllAction.Triggered().Attach(tp.onSelectAll) contextMenu.Actions().Add(selectAllAction) tp.listView.ShortcutActions().Add(selectAllAction) |