
Avoid privileged file operations on Windows temp directory

Open marcosd4h opened this issue 3 years ago • 0 comments

Goal

TODO On Windows, Orbit should not perform file operations on %windir%\temp (this resolves to c:\windows\temp on default installations).

The main issue here is that Orbit runs with SYSTEM privileges on Windows, and file operations on user-writable directories such as %windir%\temp can be abused to exploit multiple types of security bugs.

Privileged file operation abuses have been documented in the past, see here, here, and here.

Example exploits for file operations on %windir%\temp can be seen here, here, and here.

This is related to issues #6479 and #7425.

How?

We should try to use our own work directory at %localappdata% whenever possible. A good target directory to use could probably be %localappdata%\FleetDM\Orbit.

The %localappdata% directory for the SYSTEM user can be obtained by calling os.UserCacheDir() in Go.

marcosd4h Sep 14 '22 15:09
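A sketch of the work-directory resolution proposed in the issue, added here as an example and not taken from the Fleet code base. The helper names `workDir` and `isUnder`, and reading `%windir%` from the environment to locate the shared temp directory, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// isUnder reports whether path is dir or lies below it (case-insensitive, as on Windows).
func isUnder(path, dir string) bool {
	rel, err := filepath.Rel(strings.ToLower(filepath.Clean(dir)), strings.ToLower(filepath.Clean(path)))
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// workDir (hypothetical helper) creates and returns <cacheBase>/FleetDM/Orbit, refusing a
// location inside sharedTemp or a path that is not a plain directory (e.g. a planted symlink).
func workDir(cacheBase, sharedTemp string) (string, error) {
	dir := filepath.Join(cacheBase, "FleetDM", "Orbit")
	if sharedTemp != "" && isUnder(dir, sharedTemp) {
		return "", fmt.Errorf("refusing work dir %q under shared temp %q", dir, sharedTemp)
	}
	// On Windows the mode bits are not translated to ACLs; access is inherited from the parent.
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", err
	}
	fi, err := os.Lstat(dir) // Lstat does not follow links
	if err != nil {
		return "", err
	}
	if fi.Mode().Type() != os.ModeDir {
		return "", fmt.Errorf("work dir %q is not a plain directory", dir)
	}
	return dir, nil
}

func main() {
	base, err := os.UserCacheDir() // %LocalAppData% on Windows
	if err != nil {
		panic(err)
	}
	sharedTemp := ""
	if windir := os.Getenv("windir"); windir != "" {
		sharedTemp = filepath.Join(windir, "temp")
	}
	fmt.Println(workDir(base, sharedTemp))
}
```
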