
implement rules and recommendations of SITRE on Windows process API related tasks #3

Closed
13 tasks done
matu3ba opened this issue Dec 30, 2023 · 2 comments

Comments


matu3ba commented Dec 30, 2023

https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87151933

Recommendations

  1. WIN00-C. Be specific when dynamically loading libraries LoadLibraryEx (without PATH and include paths)
  2. WIN01-C. Do not forcibly terminate execution
  3. WIN02-C. Restrict privileges when spawning child processes
     • unfeasible in libstd => heavily platform based
     • CreateProcessAsUserW (Unix equivalent), CreateProcessWithTokenW (no unix equivalent) + API to drop permissions
     • setuid + capsdrop
     • win32k mitigation (nonsensical ERROR_OUTOFMEMORY on 2nd failure of LoadLibrary)
     • seccomp filter
  4. WIN03-C. Understand HANDLE inheritance
     • can be disabled in CreateProcess (not generally useful for libstd)
     • can be disabled on each handle (implemented here; sounds like a good addition to libstd)
     • can be attached to security handle at HANDLE creation for CreateProcess (not generally useful for libstd)
     • can be explicitly set in list (requires to be enabled on each HANDLE and each HANDLE in list must be valid and non-null) for CreateProcess
     • is automatically inherited if enabled in CreateProcess and at HANDLE (without security handle and list approach)
  5. WIN04-C. Consider encrypting function pointers
     • encrypting longterm global pointers without shadow stack sounds useless
     • not generalizable and only increases amount of followup bytes attacker must control

Rule

  1. WIN30-C. Properly pair allocation and deallocation functions

matu3ba commented Jan 2, 2024

Tasks for libstd done, upstreaming is pending a fix to #1.

Tomorrow: Upstreaming. Might require bootstrapping.


matu3ba commented Jan 9, 2024

Use upstreaming issue #8 instead to reduce noise.

@matu3ba matu3ba closed this as completed Jan 9, 2024