Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

windows: remove LazyDLL calls for system modules #19925

Merged
merged 2 commits into from
Feb 9, 2024
Merged

windows: remove LazyDLL calls for system modules #19925

merged 2 commits into from
Feb 9, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented Feb 8, 2024
edited
Loading

On Windows, Nomad uses syscall.NewLazyDLL and syscall.LoadDLL functions to load a few system DLL files, which does not prevent DLL hijacking attacks. Hypothetically a local attacker on the client host that can place an abusive library in a specific location could use this to escalate privileges to the Nomad process. Although this attack does not fall within the Nomad security model, it doesn't hurt to follow good practices here.

We can remove two of these DLL loads by using wrapper functions provided by the stdlib in x/sys/windows

Fixes: https://github.com/hashicorp/nomad-enterprise/issues/991

@tgross tgross added this to the 1.7.x milestone Feb 8, 2024
@dduzgun-security @tgross
windows: remove LazyDLL calls for system modules
66e2f12 
On Windows, Nomad uses `syscall.NewLazyDLL` and `syscall.LoadDLL` functions to
load a few system DLL files, which does not prevent DLL hijacking
attacks. Hypothetically a local attacker on the client host that can place an
abusive library in a specific location could use this to escalate privileges to
the Nomad process. Although this attack does not fall within the Nomad security
model, it doesn't hurt to follow good practices here.

We can remove two of these DLL loads by using wrapper functions provided by the
stdlib in `x/sys/windows`
@tgross
Copy link
Member Author

tgross commented Feb 8, 2024
edited
Loading

I did a smoke test of the executor and that LGTM. Also did a quick smoke test of the makeDf change, which shows what I'd expect in the fingerprint:

node-status-self

schmichael
schmichael approved these changes Feb 8, 2024
View reviewed changes
Copy link
Member

@schmichael schmichael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not a blocker

command/agent/host/windows.go Outdated Show resolved Hide resolved
@tgross tgross added backport/1.5.x backport to 1.5.x release line backport/1.6.x backport to 1.6.x release line backport/1.7.x backport to 1.7.x release line labels Feb 9, 2024
@tgross tgross merged commit 110d93a into main Feb 9, 2024
24 of 25 checks passed
@tgross tgross deleted the b-lazydll branch February 9, 2024 13:47
This was referenced Feb 9, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dduzgun-security dduzgun-security dduzgun-security approved these changes

@schmichael schmichael schmichael approved these changes

Assignees
No one assigned
Labels
backport/1.5.x backport to 1.5.x release line backport/1.6.x backport to 1.6.x release line backport/1.7.x backport to 1.7.x release line theme/platform-windows theme/security type/enhancement
Projects
None yet
Milestone
1.7.x
Development

Successfully merging this pull request may close these issues.
3 participants
@tgross @schmichael @dduzgun-security