From 1c7606cea18e908cf76201ce1534b0afdc04cc89 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 13 Nov 2020 03:10:00 +0100
Subject: manager: allow S-1-5-32-556 users to launch a limited UI

I still have serious security reservations about this, both conceptually
-- should users be allowed to do this stuff? -- and pratically -- there
are issues with this implementation that need some examination.

TODO:
- Is that registry key a secure path? Should we double check it?
- Are we leaking handles to the unpriv'd process from the manager? Audit
  this too.
- IPC notifications are blocking. Should we move this to a go routine to
  mitigate DoS potential?
- Is GOB deserialization secure? Can an NCO user crash or RCE the
  manager?

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 updater/msirunner_windows.go | 1 -
 1 file changed, 1 deletion(-)

(limited to 'updater')

diff --git a/updater/msirunner_windows.go b/updater/msirunner_windows.go
index 2f5ce5a4..d901274c 100644
--- a/updater/msirunner_windows.go
+++ b/updater/msirunner_windows.go
@@ -32,7 +32,6 @@ func (t *tempFile) ExclusivePath() string {
 	return t.Name()
 }
 
-
 func (t *tempFile) Delete() error {
 	if t.originalHandle == 0 {
 		name16, err := windows.UTF16PtrFromString(t.Name())
-- 
cgit v1.2.3-59-g8ed1b