maxmustermann/terminal
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

comments

Browse source
This commit is contained in:
Mike Griese 2021-09-14 15:36:03 -05:00
parent 47d55a8fd0
commit 54a002762a
1 changed files with 26 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
src/cascadia/TerminalApp/TerminalPage.cpp
View file

@ -1480,14 +1480,33 @@ namespace winrt::TerminalApp::implementation
return true;
}
// Function Description:
// - Returns true if this commandline is precisely an executable in
// system32. We can use this to bypass the elevated state check, because
// we're confident that executables in that path won't have been hijacked.
// Arguments:
// - commandLine: the command to check.
// Return Value (example):
// - C:\windows\system32\cmd.exe -> returns true
// - cmd.exe -> returns false
// - C:\windows\system32\cmd.exe /k echo sneaky sneak -> returns false
static bool _isInSystem32(std::wstring_view commandLine)
{
// TODO! magic static
static std::wstring systemDirectory{};
if (FAILED(wil::GetSystemDirectoryW(systemDirectory)))
// use C++11 magic statics to make sure we only do this once.
static std::wstring systemDirectory = []() -> std::wstring {
// *** THIS IS A SINGLETON ***
static std::wstring sys32{};
if (FAILED(wil::GetSystemDirectoryW(sys32)))
{
// we couldn't look up where system32 is?? Then it's definitely not
// in System32
return {};
}
return sys32;
}();
if (systemDirectory.empty())
{
// we couldn't look up where system32 is?? Then it's definitely not
// in System32
return false;
}
@ -1519,9 +1538,9 @@ namespace winrt::TerminalApp::implementation
// NOTE: For debugging purposes, changing this to `true ||
// _isElevated()` is a handy way of forcing the elevation logic, even
// when unelevated.
if (true || _isElevated())
if (_isElevated())
{
// If the cmdline starts with (case-insensitive)
// If the cmdline is EXACTLY an executable in
// `C:\WINDOWS\System32`, then ignore this check.
if (_isInSystem32(cmdline))
{