this post was submitted on 10 Apr 2024
114 points (87.0% liked)

Technology

57432 readers
3198 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
114
Critical Rust flaw enables Windows command injection attacks (www.bleepingcomputer.com)
submitted 4 months ago by [email protected] to c/[email protected]
18 comments fedilink hide all child comments
top 18 comments
sorted by: hot top controversial new old
[–] [email protected] 57 points 4 months ago

Funny how the headline makes it sound like a Rust specific problem, as if the Rust language is unsafe or the core team was incompetent, but then other affected language standard libraries include

  • Erlang (documentation update)
  • Go (documentation update)
  • Haskell (patch available)
  • Java (won’t fix)
  • Node.js (patch will be available)
  • PHP (patch will be available)
  • Python (documentation update)
  • Ruby (documentation update)

So actually this is a vulnerability that originates in Windows, and Rust and Haskell are the only languages that are actually protecting users from it as of right now, with Node.js and PHP to follow.

[–] [email protected] 48 points 4 months ago (1 children)

This isn't Rust specific. It's really difficult to securely start a command in Windows. I highly recommend to read https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/.

[–] [email protected] 3 points 4 months ago

I'm honestly surprised windows can even exist at this point.

It's mind-boggling to me that people would dedicate their lives to learning that system when it's such a shoddy piece of crap.

It's amazing what a motivator money can be.

[–] [email protected] 16 points 4 months ago (1 children)

"not so safe now are you Rust" ~C, probably

[–] [email protected] 12 points 4 months ago* (last edited 4 months ago) (1 children)

It's not Rust, the language or even Windows.

It's if you write a program that allows the end user to call a command prompt and don't carefully sanitize the input, bad things could happen.

I mean, maybe Windows could do something different but if you wrote JavaScript that takes text input from a webpage and pass it to "sudo bash ##commands", you're going to have a bad time.

It's complete click bait because Rust has a reputation for security.

[–] [email protected] 9 points 4 months ago* (last edited 4 months ago) (1 children)

It's definitely not Rust's fault, but it's kinda Windows' one and cmd.exe escape logic... It's really difficult to write logic that will correctly escape any argument given to it, cmd.exe really is a pain to deal with :/

The Rust security team faced a significant challenge when dealing with cmd.exe's complexity since they couldn't find a solution that would correctly escape arguments in all cases.

As a result, they had to improve the robustness of the escaping code and modify the Command API. If the Command API cannot safely escape an argument while spawning the process, it returns an InvalidInput error.

"If you implement the escaping yourself or only handle trusted inputs, on Windows you can also use the CommandExt::raw_arg method to bypass the standard library's escaping logic," the Rust Security Response WG added.

I get that in situations where they can't safely escape a parameter they'll just stop with an error, which sound as sane as one could go with this!

[–] [email protected] 1 points 4 months ago (1 children)

It's really difficult to write logic that will correctly escape any argument given to it, cmd.exe really is a pain to deal with :/

Is cmd.exe even a thing in Windows? I know it exists and you can run it but I thought I read that the default is Power Shell now. (Just Googled, yeah Powershell replaced cmd.exe by default in 2022.)

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago) (1 children)

https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa

To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the following arguments: /c plus the name of the batch file.

Because a batch file (.bat or .cmd) is basically a set of cmd.exe instructions I guess that's why you can't get away from it.

And as if making sense of this CreateProcessA system call wasn't funny enough, you also need to figure out how to safely prepare that lpCommandLine for it following all of cmd.exe's weird escaping rules... lol

[–] [email protected] 2 points 4 months ago (1 children)

Do you have to run a batch file? Why not a Powershell script since that's the default?

[–] [email protected] 2 points 4 months ago

If you can avoid running batch files altogether then great, amazing. But there are projects out there using Rust that still depend on running those and that's the focus of the issue... But yeah I cannot wait until the day I won't hear about cmd.exe again.

[–] [email protected] 5 points 4 months ago (2 children)

I’m no Windows expert but I wonder why they don’t offer a “Windows Now” type product that breaks backwards compatibility but is more secure. Something that doesn’t even come with cmd.exe because Powershell exists. (Not that it would solve the issue in the article. This is more an aside.) Windows RT was probably not that. From what I understand, it was a “Windows But Weirdly Limited” product. I mean full Windows that can run reasonably modern software but does away with all the backwards compatibility stuff only certain businesses need.

Apple is ruthless about that and it doesn’t seem to hurt them. Linux distros barely bother because you can always find a way to run an old version if you really want to. It’s kind of neat that Windows can still run Excel 1.0 or whatever but as a non-Windows user, it seems like they could break with the past and fix a lot of security issues for a fraction of what they’re spending on A.I. PowerPoints or whatever.

[–] [email protected] 6 points 4 months ago

That was what 10X was supposed to be. It was supposed to be practically a full rewrite of the OS to shake off all the legacy cruft with support for existing Win32 apps through containerization. It was dropped along with the Surface Neo and they shifted their focus to Win 11 instead which is a real shame.

[–] [email protected] 5 points 4 months ago (1 children)

Windows's entire selling point is backwards-compatibility, maybe except the ARM version.

[–] [email protected] 1 points 4 months ago

Yes, one of the factors that contributed to the demise of Windows Mobile was the lack of backwards-compatibility for apps between 7, 8, an 10.

[–] [email protected] 4 points 4 months ago

Feels like the Spanish flu all over

[–] [email protected] -3 points 4 months ago

Damn. I love the game.