sockets for redirections are not using any security

xilun / cbwin

Launch Windows programs from "Bash on Ubuntu on Windows" (WSL)

Other

327 stars 25 forks source link

sockets for redirections are not using any security #30

Closed xilun closed 7 years ago

xilun commented 7 years ago

So there is still a risk when used on a multi user computer for now...

xilun commented 7 years ago

One way to fix that would be to also connect from the client to outbash.exe for redirection sockets (and not what is done for now in v0.9 and current HEAD: the reverse direction)

advantage: same security code as for control socket
drawback: "slow" when using lots of TCP socket on the same computer - but I can limit to a single extra call to GetExtendedTcpTable, or maybe even still only one per process spawn

Or I could implement custom security inband for redirection sockets -- but I'd rather not.

xilun commented 7 years ago

Or the client could wait for a confirmation of outbash.exe before starting redirection forwarding. outbash.exe would not confirm before successful connection to redirection port. (Each redirection port is exclusively owned by the client.)

xilun commented 7 years ago

3cfe57d partially mitigates the risk for now.

Further commits will eliminate it -- they will probably be backward incompatible at protocol level.

xilun commented 7 years ago

b4a8cf4 does not change the situation for now, but prepare for further changes that will.

xilun commented 7 years ago

5383b61 finishes to fix this issue. A new release will be published soon.

xilun commented 7 years ago

Fixed in release v0.10