mirror of
https://github.com/rust-lang/rust.git
synced 2025-02-08 04:56:58 +00:00
856eefece9
Update std::env::temp_dir to use GetTempPath2 on Windows when available. As a security measure, Windows 11 introduces a new temporary directory API, GetTempPath2. When the calling process is running as SYSTEM, a separate temporary directory will be returned inaccessible to non-SYSTEM processes. For non-SYSTEM processes the behavior will be the same as before. This can help mitigate against attacks such as this one: https://medium.com/csis-techblog/cve-2020-1088-yet-another-arbitrary-delete-eop-a00b97d8c3e2 Compatibility risk: Software which relies on temporary files to communicate between SYSTEM and non-SYSTEM processes may be affected by this change. In many cases, such patterns may be vulnerable to the very attacks the new API was introduced to harden against. I'm unclear on the Rust project's tolerance for such change-of-behavior in the standard library. If anything, this PR is meant to raise awareness of the issue and hopefully start the conversation. How tested: Taking the example code from the documentation and running it through psexec (from SysInternals) on Win10 and Win11. On Win10: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\WINDOWS\TEMP\ On Win11: C:\test>psexec -s C:\test\main.exe <...> Temporary directory: C:\Windows\SystemTemp\ |
||
|---|---|---|
| .. | ||
| alloc | ||
| backtrace@b02ed04a7e | ||
| core | ||
| panic_abort | ||
| panic_unwind | ||
| portable-simd | ||
| proc_macro | ||
| profiler_builtins | ||
| rtstartup | ||
| rustc-std-workspace-alloc | ||
| rustc-std-workspace-core | ||
| rustc-std-workspace-std | ||
| std | ||
| stdarch@cfba59fccd | ||
| test | ||
| unwind | ||