• Jason A. Donenfeld's avatar
    [release-branch.go1.12] os: pass correct environment when creating Windows processes · afcfe0d3
    Jason A. Donenfeld authored
    This is CVE-2019-11888.
    
    Previously, passing a nil environment but a non-nil token would result
    in the new potentially unprivileged process inheriting the parent
    potentially privileged environment, or would result in the new
    potentially privileged process inheriting the parent potentially
    unprivileged environment. Either way, it's bad. In the former case, it's
    an infoleak. In the latter case, it's a possible EoP, since things like
    PATH could be overwritten.
    
    Not specifying an environment currently means, "use the existing
    environment". This commit amends the behavior to be, "use the existing
    environment of the token the process is being created for." The behavior
    therefore stays the same when creating processes without specifying a
    token. And it does the correct thing when creating processes when
    specifying a token.
    
    Updates #32000
    Fixes #32081
    
    Change-Id: Ib4a90cfffb6ba866c855f66f1313372fdd34ce41
    Reviewed-on: https://go-review.googlesource.com/c/go/+/177538
    Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: default avatarIan Lance Taylor <iant@golang.org>
    afcfe0d3
zsyscall_windows.go 12.8 KB