
In .NET one can start a process the following way:

```csharp
using System.Diagnostics;
Process.Start("process.exe");
```

If the process.exe is what the developer intended, everything is great. What happens if someone goes in and replaces process.exe with a malicious executable?

Is there any way to ensure that the executable is the one that the developer specified?

My first thought was to have a checksum of the intended executable hardcoded in the application to test against the file on disk.

Is this the right approach or is there some built-in functionality I am not aware of?

afuzzyllama
  • Specify `process.exe` with a full/absolute path. Then make sure that file (system) permissions don't allow replacing the file for "unprivileged" users. I.e. anyone except admins. If your potential attacker is an admin you have different issues anyway. – Christian.K Jan 19 '17 at 14:50
  • If you have only one exe file, it may be a way (until someone disassembles your program and changes the hash to their own) – tym32167 Jan 19 '17 at 14:51
  • @Christian.K What happens if it is an application like Google Chrome where the consumer can decide where to install the application and change file permissions? – afuzzyllama Jan 19 '17 at 14:52
  • If you don't have everything under your control, then that is the way it is. You can still lock down on permissions and such, but flexibility is always contrary to security (goals). The point is finding the sweet spot for your particular case. Assessing possible risks and with what you (or your users) can live. – Christian.K Jan 19 '17 at 14:56
  • @Christian.K I just noticed Google Chrome doing this and was wondering if there is an accepted way of handling launching processes from another process. Perhaps it's time to dive into their source and find out what I'm living with :) – afuzzyllama Jan 19 '17 at 14:58
  • Besides, you could make sure that executables are digitally signed by an authority that you trust. That is a rather big topic, check out [this](https://msdn.microsoft.com/en-us/library/ms537361(v=vs.85).aspx) for starters. – Christian.K Jan 19 '17 at 14:58
  • @Christian.K if I ever release software in this way, that is probably the best solution. – afuzzyllama Jan 19 '17 at 15:00
  • I agree with @Christian.K - code signing is the standard way to do this. – EJoshuaS - Stand with Ukraine Jan 19 '17 at 16:07
  • @Christian.K Do you want to create an answer to get credit? – afuzzyllama Jan 19 '17 at 16:08
  • I could try to produce a more thorough answer than just a link to MSDN (like in my comment above). However, since you now know that code signing could be a way to do what you want, it would be good if you first search SO for this. There are a couple of Q&A regarding this already. One might fit your bill. If you are sure there isn't any, I'd try to formulate an answer. – Christian.K Jan 19 '17 at 16:51

0 Answers
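One way to combine the absolute-path and pinned-hash ideas from the question and comments, as an added example that is not part of the original thread. `VerifiedLauncher`, `StartVerified` and the hash placeholder are hypothetical, and it assumes Windows with the helper installed next to the calling application; as the comments point out, it does not stop someone who can patch the caller or who has admin rights, which is what code signing and file permissions address.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;

static class VerifiedLauncher
{
    // Placeholder: hex SHA-256 of the helper build you ship, filled in at build time.
    const string ExpectedSha256 = "<SHA-256-OF-SHIPPED-PROCESS-EXE>";

    public static Process StartVerified(string fileName)
    {
        // Absolute path beside the running application, so neither PATH nor the
        // current directory decides which file gets executed.
        string fullPath = Path.Combine(AppContext.BaseDirectory, fileName);

        // FileShare.Read: while this handle is open, other handles cannot open the
        // file for writing or deletion, which closes the gap between check and launch.
        using (var stream = new FileStream(fullPath, FileMode.Open, FileAccess.Read, FileShare.Read))
        using (var sha256 = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha256.ComputeHash(stream)).Replace("-", "");
            if (!string.Equals(actual, ExpectedSha256, StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException(
                    "Hash mismatch for " + fullPath + "; refusing to start it.");

            // Launch while the handle is still held; UseShellExecute = false makes
            // Process.Start create the process directly from the given path.
            return Process.Start(new ProcessStartInfo(fullPath) { UseShellExecute = false });
        }
    }
}
```

A pinned hash has to be updated with every release of the helper, whereas a signature check only needs the trusted publisher to stay the same.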