mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
110d93ab25
On Windows, Nomad uses `syscall.NewLazyDLL` and `syscall.LoadDLL` functions to load a few system DLL files, which does not prevent DLL hijacking attacks. Hypothetically a local attacker on the client host that can place an abusive library in a specific location could use this to escalate privileges to the Nomad process. Although this attack does not fall within the Nomad security model, it doesn't hurt to follow good practices here. We can remove two of these DLL loads by using wrapper functions provided by the stdlib in `x/sys/windows` Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
4 lines
126 B
Plaintext
4 lines
126 B
Plaintext
```release-note:security
|
|
windows: Remove `LazyDLL` calls for system modules to harden Nomad against attacks from the host
|
|
```
|