How to prevent access to WSL1/2 distributions in Windows 10/11 #11455

Closed
JeongJaecheol opened this issue Apr 12, 2024 · 4 comments

JeongJaecheol commented Apr 12, 2024

I don't want access to the WSL1/2 distribution other than deleting it from Windows 10/11. (For example, changing the root account password of the distribution, accessing the distribution directory, etc.)
For these, are the 3 methods below possible?

  1. Always request login when accessing distribution shell from Windows terminal, etc.
  2. wsl2's vhdx file encryption
  3. Block access to \wsl$ in File Explorer or require distribution login or password.

Logs are required for review from WSL team

If this is a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below; your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative PowerShell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

Once completed, please upload the output files to this GitHub issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the GitHub issue in the subject, and in the message a link to your comment in the GitHub issue and reply with '/emailed-logs'.

JeongJaecheol commented Apr 12, 2024 via email

Diagnostic information
Found '/question', adding tag 'question'
Found '/feature', adding tag 'feature'
Found '/emailed-logs', adding tag 'emailed-logs'

OneBlue commented Apr 12, 2024

@JeongJaecheol: This is unfortunately impossible by design. Even if, let's say, WSL added a form of password protection, the place where the distribution files are themselves stored is accessible to the user (either %appdata%\Local\lxss for WSL1, or ext4.vhdx for WSL2).

If you want additional protection for your Linux distribution, the easiest way would be to have a dedicated Windows account that would own the distributions, and then elevate / switch to that account when you want to access WSL.
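
One way to check the point made in the reply above, as an added example that is not part of the thread and not WSL project code: a PowerShell audit that finds `ext4.vhdx` files under a folder and lists every account whose ACL entry allows reading or writing the disk image. The parameter names `$SearchRoot` and `$AllowedPrincipals` and the account name in the comment are assumptions made for this example.

```powershell
# Added example: list who can read or write WSL2 disk images (ext4.vhdx).
# Run it once as the everyday account and once as the dedicated owner account
# to confirm that only the intended principals reach the image.
param(
    # Folder to search, e.g. the profile of the account that owns the distributions.
    [Parameter(Mandatory)] [string]   $SearchRoot,
    # Accounts expected to have access, e.g. 'PC01\wsl-owner' (hypothetical name).
    [Parameter(Mandatory)] [string[]] $AllowedPrincipals
)

# Rights that expose or alter the file system stored inside the image.
$dataAccess = [int]([System.Security.AccessControl.FileSystemRights]::ReadData -bor
                    [System.Security.AccessControl.FileSystemRights]::WriteData)

# Folders the current account cannot list are skipped silently.
$images = Get-ChildItem -LiteralPath $SearchRoot -Filter 'ext4.vhdx' -File -Recurse `
                        -ErrorAction SilentlyContinue

foreach ($image in $images) {
    try {
        $acl = Get-Acl -LiteralPath $image.FullName -ErrorAction Stop
    } catch {
        # Being denied here is the desired result when run from a non-owner account.
        Write-Warning "Cannot read ACL of $($image.FullName): $($_.Exception.Message)"
        continue
    }

    foreach ($rule in $acl.Access) {
        # Only Allow entries that include data access are relevant.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $dataAccess) -eq 0) { continue }

        $who = $rule.IdentityReference.Value
        [pscustomobject]@{
            Image     = $image.FullName
            Owner     = $acl.Owner
            Principal = $who
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
            Expected  = $AllowedPrincipals -contains $who
        }
    }
}
```

Rows with `Expected` set to `False` are the entries to review; inherited entries come from the parent folder's ACL, so they are changed there rather than on the image itself.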
