Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DLL Hijack Clean Room Bundle #5724

Closed
robmen opened this issue Nov 15, 2017 · 0 comments
Closed

DLL Hijack Clean Room Bundle #5724

robmen opened this issue Nov 15, 2017 · 0 comments
Assignees
@robmen
Labels
bug burn
Milestone
v3.14

Comments

@robmen
Copy link
Member

robmen commented Nov 15, 2017

  • Which version of WiX are you building with?

WiX v3.10.2 and newer

  • Which version of Visual Studio are you building with (if any)?

N/A

  • Which version of the WiX Toolset Visual Studio Extension are you building with (if any)?

N/A

  • Which version of .NET are you building with?

N/A

  • If the problem occurs when installing your packages built with WiX, what is the version of Windows the package is running on?

(Windows version)

  • Describe the problem and the steps to reproduce it.

Malicious software can monitor the Temp folder and quickly insert a DLL into the clean room folder to DLL hijack the Burn engine there. Thus, if a bundle is launched by the user elevated (such as Right click ->Run as administrator or launched from elevated command-prompt) the hijacking DLL will also be elevated.

  • Describe the behavior you expected and how it differed from the actual behavior.

Elevated bundles in the user context should not be able to be DLL hijacked.
@robmen robmen added this to the v3.14 milestone Nov 15, 2017
@robmen robmen self-assigned this Nov 15, 2017
@robmen robmen mentioned this issue Nov 15, 2017
Merged
robmen added a commit to wixtoolset/wix3 that referenced this issue Nov 18, 2017
@robmen
When elevated place clean room in system Temp folder
2202598 
To prevent DLL hijacking the clean room process when launched elevated,
the system Temp folder will be used instead of the user's temp folder.
This ensures the user cannot slip malicious DLLs into the clean room.

Fixes wixtoolset/issues#5724
robmen added a commit to wixtoolset/wix3 that referenced this issue Nov 18, 2017
@robmen
When elevated place clean room in system Temp folder
19b5f04 
To prevent DLL hijacking the clean room process when launched elevated,
the system Temp folder will be used instead of the user's temp folder.
This ensures the user cannot slip malicious DLLs into the clean room.

Fixes wixtoolset/issues#5724
@andrewderryfarrell andrewderryfarrell mentioned this issue Jun 5, 2018
Closed
@renehuesgen renehuesgen mentioned this issue Jan 21, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robmen robmen

Labels
bug burn
Projects
None yet
Milestone
v3.14
Development

No branches or pull requests
2 participants
@robmen @barnson