A signed Squirrel binary can be used to execute untrusted code

https://techmonitor.ai/technology/cybersecurity/microsoft-teams-vulnerability etc.

Do we need to do anything about this? As long as we’re not allowing privilege elevation is it a problem? What can be done to mitigate risks of executing untrusted code? Check for a matching code signature before --processStart? Embedding update URL in Update.exe?

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 8 (6 by maintainers)

Top GitHub Comments

1 reaction
Daniel-Svensson commented, Jan 30, 2022

Some thoughts on certificate validation. Policy. It might be nice with some choice since use cases might differ.

If I remember correctly, for ClickOnce you can change the certificate to any new certificate as long as you don’t change anything else (name/URL).

Different possible certificate check policies:

  • any (valid and trusted) certificate
  • same CN/DN
  • Bundle list of valid certificates (or do double signing with both old and new when changing certificate)
  • no signing (same as current)

Other thoughts:

  • for manual update, it might be good to allow implementing other policies
  • Even a hardcoded “require any valid signature” is a step up from now
  • Ensure SHA-1 is not used for hashes
  • how to handle signature policy mismatch?
    • show a UI with the “error/warning” and still allow installation?

1 reaction
mschweikert commented, Jan 25, 2022

Not one hundred percent secure, but at least as an additional validation: maybe we can check if the common name (CN) of the update NuGet package’s signature is the same as the one of the signed Update.exe? That would at least allow replacing the certificate if it expires …
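
One way to express the certificate check policies from the two comments above using Windows' built-in Authenticode verification. This is an added example, not code from Squirrel or from the commenters; the function names, policy names and the file paths in the usage comment are assumptions, and it assumes PowerShell on Windows.

```powershell
# Added example: hypothetical helper names, not part of Squirrel.
function Get-CertSha256 {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    # Hash the DER-encoded certificate with SHA-256 (the built-in Thumbprint property is SHA-1).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { -join ($sha.ComputeHash($Cert.RawData) | ForEach-Object { $_.ToString('x2') }) }
    finally { $sha.Dispose() }
}

function Test-UpdateSignerPolicy {
    param(
        [Parameter(Mandatory)] [string] $UpdaterPath,    # the installed, signed Update.exe
        [Parameter(Mandatory)] [string] $CandidatePath,  # the binary about to be started
        [ValidateSet('AnyValid', 'SameSubject', 'PinnedList', 'None')]
        [string] $Policy = 'SameSubject',
        [string[]] $PinnedSha256 = @()                   # lowercase hex SHA-256 of allowed signer certs
    )
    if ($Policy -eq 'None') { return $true }             # "no signing (same as current)"

    $candidate = Get-AuthenticodeSignature -LiteralPath $CandidatePath
    # 'Valid' means the file hash matches the signature and the chain is trusted on this machine.
    if ($candidate.Status -ne 'Valid') {
        Write-Warning "Rejected '$CandidatePath': signature status is $($candidate.Status)"
        return $false
    }

    switch ($Policy) {
        'AnyValid' { return $true }                      # "any (valid and trusted) certificate"
        'SameSubject' {
            $updater = Get-AuthenticodeSignature -LiteralPath $UpdaterPath
            if ($updater.Status -ne 'Valid') { return $false }
            # Compares the full subject DN, so a renewed certificate with the same subject passes.
            # Weaker than pinning: any trusted CA that issues a certificate with this subject is accepted.
            return $candidate.SignerCertificate.Subject -eq $updater.SignerCertificate.Subject
        }
        'PinnedList' {                                   # "bundle list of valid certificates"
            return $PinnedSha256 -contains (Get-CertSha256 $candidate.SignerCertificate)
        }
    }
}

# Usage with constructed paths: refuse to start a binary whose signer differs from Update.exe's.
# if (-not (Test-UpdateSignerPolicy -UpdaterPath '.\Update.exe' -CandidatePath '.\app-1.0.1\MyApp.exe')) {
#     throw 'Signer policy mismatch: not starting the process.'
# }
```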
