Cypherpunks repositories - gostls13.git/commit

author	Jason A. Donenfeld <Jason@zx2c4.com>
	Sun, 12 May 2019 12:34:30 +0000 (14:34 +0200)
committer	Alex Brainman <alex.brainman@gmail.com>
	Thu, 16 May 2019 10:24:10 +0000 (10:24 +0000)
commit	12279faa727696a78d849be8a16c470a344b24a8
tree	cc862d65be91075933c3d0a8a60fde46c0450555	tree
parent	fba60669751a5362c43e3bdee8455bed3fa275b2	commit \| diff

os: pass correct environment when creating Windows processes

This is CVE-2019-11888.

Previously, passing a nil environment but a non-nil token would result
in the new potentially unprivileged process inheriting the parent
potentially privileged environment, or would result in the new
potentially privileged process inheriting the parent potentially
unprivileged environment. Either way, it's bad. In the former case, it's
an infoleak. In the latter case, it's a possible EoP, since things like
PATH could be overwritten.

Not specifying an environment currently means, "use the existing
environment". This commit amends the behavior to be, "use the existing
environment of the token the process is being created for." The behavior
therefore stays the same when creating processes without specifying a
token. And it does the correct thing when creating processes when
specifying a token.

Fixes #32000

Change-Id: Ia57f6e89b97bdbaf7274d6a89c1d9948b6d40ef5
Reviewed-on: https://go-review.googlesource.com/c/go/+/176619
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>

src/internal/syscall/windows/syscall_windows.go		diff \| blob \| history
src/internal/syscall/windows/zsyscall_windows.go		diff \| blob \| history
src/os/env_default.go	[new file with mode: 0644]	blob
src/os/env_windows.go	[new file with mode: 0644]	blob
src/os/exec_posix.go		diff \| blob \| history