Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Isn't it dangerous to use the default Interop settings in wsl? #11454

Closed
otogawakatsutoshi opened this issue Apr 12, 2024 · 2 comments
Closed

Isn't it dangerous to use the default Interop settings in wsl? #11454

otogawakatsutoshi opened this issue Apr 12, 2024 · 2 comments
Labels
needs-author-feedback

Comments

@otogawakatsutoshi
Copy link

The default setting for wsl is as follows.

[interop]
enabled = true
appendWindowsPath = true

It can start windows programs from wsl and it can also refer to the windows PATH from wsl.
This may be useful, but with this setup, it is also possible to download and run windows programs from wsl and launch them.
At this time, if the program requires administrator privileges on the windows side, the process stops there.
The problem, however, is when wsl is run as a Windows Administrator user or with administrator privileges.

As long as you launch wsl with Windows administrator privileges and as an administrator user, you can access all programs that require windows administrator privileges from wsl.
Isn't this dangerous?

For example, windows registry keys can be added or removed from the wsl general user.

reg.exe add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft /v Var /t REG_SZ /d Data
reg.exe delete  HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft /v Var

When the script is run as a wsl general user, it is run with windows administrator privileges, effectively equating to a general user of wsl having administrator privileges in Windows.

If this administrators rights specification is the behavior and specification that is assumed as wsl official,
Interlrop settings default to all false, as shown below,
I think it is safer to set them to true manually at your own risk.

[interop]
enabled = false
appendWindowsPath = false
@github-actions GitHub Actions
Copy link

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The scipt will output the path of the log file once done.

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

This issue has been automatically closed since it has not had any author activity for the past 7 days. If you're still experiencing this issue please re-file it as a new issue.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-author-feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@otogawakatsutoshi