NorthstarLauncher
Set process mitigation policies for hardened security against potential RCE attacks
Windows has a set of features called "mitigation policies" for developers to use on their programs. This allows the developer to prevent their program from being able to do certain "sketchy" things that it wouldn't need to normally, as a security measure in case of unauthorized code execution.
Since Titanfall 2 is a very exploitable game, and I've found quite a few potential RCE exploits, I think it is very important that Northstar have as many of these policies enabled as possible.
This pull request will cause the launcher to reboot itself immediately with various mitigation policies. I have tested Northstar with these policies; everything works fine.
Policies Enabled:
- Control Flow Guard (should be enabled by default in any release build, but just in case), prevents the control flow path from "escaping", which is a common attack on a program's security
- Disable all remote image loading (this should really never happen)
- Prevent system module loading from defaulting to modules in the default directory instead of system directories (I don't know why this is a thing by default, but it's ridiculous for obvious reasons)
- Prevent manual syscalls (this is by far the most important, as this is enabled by default and would allow RCEs to call system functions manually straight into the kernel in just 2 tiny instructions, VERY bad)

This, along with my AntiRCE file check system in my other PR, should prevent small RCEs from being able to do much damage to a user, if any.
Needs testing with Linux support and people using -northstar to start Northstar from Steam/Origin via wsock32.dll
> Needs testing with Linux support and people using -northstar to start Northstar from Steam/Origin via wsock32.dll
In theory you could simply add a check to the wsock proxy and make it reboot via northstarlauncher to ensure it ends up with the policies enabled
> Needs testing with Linux support and people using -northstar to start Northstar from Steam/Origin via wsock32.dll
Yea I did some more testing - it doesn't even seem to always enable the policies, even when set at startup. Sometimes it literally changes none of them, seemingly at random. WinAPI moment... at least DEP is enabled by default for all x64 processes.
This PR needs some big improvements cause it's too inconsistent.
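Added example, not code from this PR or from the Northstar project. It covers two points in the thread: the policy list in the PR description, and the later observation that the policies do not always take effect after the launcher relaunches itself. It uses the Windows ProcessMitigations module (Windows 10 1709 and later) to store the policy per executable, so the OS applies it at process creation, and then reads back what a running instance actually reports. The executable name, the mapping of the PR's list onto mitigation names, and the property paths on the query result are assumptions; the "manual syscalls" item is left out because the page does not name the underlying Windows policy.

```powershell
# Added example (not code from the Northstar PR). Applies the mitigations the PR
# lists as a per-executable policy and reads back what a running instance actually
# got. Needs Windows 10 1709+ (ProcessMitigations module); Set-ProcessMitigation
# needs an elevated prompt. The executable name is an assumption for illustration.
$exeName = 'NorthstarLauncher.exe'

# Mitigations from the PR's list that map onto Set-ProcessMitigation names
# (mapping assumed here): Control Flow Guard -> CFG, "disable remote image
# loading" -> BlockRemoteImageLoads, "prefer system directories" -> PreferSystem32.
# DEP is added because the thread notes it is already on for x64 processes.
$wanted = @('DEP', 'CFG', 'BlockRemoteImageLoads', 'PreferSystem32')

# 1. Persist the policy so the OS applies it at process creation for every future
#    instance, independent of whether the launcher relaunches itself.
Set-ProcessMitigation -Name $exeName -Enable $wanted

# 2. Confirm what is stored for the image.
Get-ProcessMitigation -Name $exeName

# 3. Check a running instance, which is the verification step the thread lacked:
#    compare each requested mitigation with what the process reports.
function Test-RequestedMitigations {
    param([int]$ProcessId, [string[]]$Requested)

    $m = Get-ProcessMitigation -Id $ProcessId

    # Property paths below are assumptions about Get-ProcessMitigation's output
    # object; run `Get-ProcessMitigation -Id $ProcessId | Format-List *` to confirm.
    $state = @{
        'DEP'                   = $m.Dep.Enable
        'CFG'                   = $m.Cfg.Enable
        'BlockRemoteImageLoads' = $m.ImageLoad.BlockRemoteImageLoads
        'PreferSystem32'        = $m.ImageLoad.PreferSystem32
    }

    # Return the names that were requested but are not reported as ON.
    $missing = @()
    foreach ($name in $Requested) {
        if ("$($state[$name])" -ne 'ON') { $missing += $name }
    }
    return $missing
}

$proc = Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($exeName)) -ErrorAction SilentlyContinue
if ($proc) {
    $missing = Test-RequestedMitigations -ProcessId $proc[0].Id -Requested $wanted
    if ($missing.Count -eq 0) {
        Write-Output "All requested mitigations are active in PID $($proc[0].Id)."
    } else {
        Write-Output "Not active in PID $($proc[0].Id): $($missing -join ', ')"
    }
} else {
    Write-Output "$exeName is not running; start it and re-run step 3."
}
```

Step 3 is the part worth keeping around during testing: running it against the live process after each launch path (direct launcher start versus the wsock32.dll proxy path with -northstar) shows directly which policies ended up enabled, instead of inferring it from whether something broke.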
> This PR needs some big improvements cause it's too inconsistent.
Imma turn this PR into draft state then to prevent accidental merges. You should be able to change it back once ready <3
Closing as stale