为什么Electron杀死带有冒号参数的Windows进程? [英] Why does Electron kill Windows processes that have arguments with colons?
问题描述
如果我启动一个带有冒号参数的Electron程序,该程序将立即退出.
If I start an Electron program that has an argument with a colon, the program immediately exits.
Process process = new Process();
process.StartInfo.FileName = "C:\\Program Files (x86)\\SomeElectronApp.exe";
process.StartInfo.Arguments = "ab:c d";
process.Start();
process.WaitForExit();
Console.WriteLine(1); // break point here
但是,如果我交换参数以使带有冒号的参数始终排在最后,那么程序将成功启动.
However, if I swap the arguments such that the one with the colon always comes last, then the program starts successfully.
在此处提到
[This]是针对古老的Windows漏洞的安全缓解措施
[This] is a security mitigation against an age old windows flaw
有人知道这个缺陷是什么吗?
Does anyone have insight into what this flaw is?
更新:
找到了源代码此处:
函数 CheckCommandLineArguments 具有逻辑:
else if (IsUrlArg(argv[i])) {
block_args = true;
}
IsUrlArg 在哪里:
// colon indicates that the argument starts with a URI scheme
if (c == ':') {
// it could also be a Windows filesystem path
if (p == arg + 1)
break;
return true;
}
推荐答案
通过查看提交找到了答案.
Found the answer from looking at the commit.
已完成修复远程代码执行漏洞(CVE-2018-1000006).来源:
It was done to fix a remote code execution vulnerability (CVE-2018-1000006). Source:
当满足某些条件时,受影响的电子版本可能易受远程代码执行漏洞的攻击:
Affected versions of electron may be susceptible to a remote code execution flaw when certain conditions are met:
- 电子应用程序正在Windows上运行.
- 电子应用程序注册为协议的默认处理程序,例如nodeapp://.
此漏洞是由于无法在Electron的命令行处理程序中清理铬的其他参数而引起的.
This vulnerability is caused by a failure to sanitize additional arguments to chromium in the command line handler for Electron.
这篇关于为什么Electron杀死带有冒号参数的Windows进程?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
