Cypherpunks repositories - gostls13.git/commit

author	Jason A. Donenfeld <Jason@zx2c4.com>
	Sun, 12 May 2019 12:34:30 +0000 (14:34 +0200)
committer	Ian Lance Taylor <iant@golang.org>
	Fri, 17 May 2019 14:26:32 +0000 (14:26 +0000)
commit	afcfe0d3c2980722af0dc55a3422c19cc53f5a65
tree	7f1da06e4c5b8f3ea84b46a322c48baca6a9371f	tree
parent	ecf7695c7dcfc04becde0beec0e1c5f583b42e9e	commit \| diff

[release-branch.go1.12] os: pass correct environment when creating Windows processes

This is CVE-2019-11888.

Previously, passing a nil environment but a non-nil token would result
in the new potentially unprivileged process inheriting the parent
potentially privileged environment, or would result in the new
potentially privileged process inheriting the parent potentially
unprivileged environment. Either way, it's bad. In the former case, it's
an infoleak. In the latter case, it's a possible EoP, since things like
PATH could be overwritten.

Not specifying an environment currently means, "use the existing
environment". This commit amends the behavior to be, "use the existing
environment of the token the process is being created for." The behavior
therefore stays the same when creating processes without specifying a
token. And it does the correct thing when creating processes when
specifying a token.

Updates #32000
Fixes #32081

Change-Id: Ib4a90cfffb6ba866c855f66f1313372fdd34ce41
Reviewed-on: https://go-review.googlesource.com/c/go/+/177538
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>

src/internal/syscall/windows/syscall_windows.go		diff \| blob \| history
src/internal/syscall/windows/zsyscall_windows.go		diff \| blob \| history
src/os/env_default.go	[new file with mode: 0644]	blob
src/os/env_windows.go	[new file with mode: 0644]	blob
src/os/exec_posix.go		diff \| blob \| history