0

I have an application which needs to be restarted at some defined places (say when the application is idle for a timeout threshold). I have a batch file to execute restart commands.Now I am checking out the batch file with the application itself and running the batch file when need occurs. Now I have found out that a malicious user can modify the batch file (Restart.cmd) and include a malicious payload (e.g executable file (.exe)). Whenever the batch file runs, the malicious payload will be executed as well.

I can run all the command one by one using system() call. But I thought of having the same batch file embedded with the code and run it without actually deploying it with the application. Is this possible? or are there any smarter ways to do so.

The batch file is as follows

echo Waiting for old instance to exit
timeout.exe /T 5
copy _download\* .
start %*
exit
Kethiri Sundar
  • 480
  • 2
  • 12
  • Show your actual batch file, as some [MCVE], in your question. Explain how exactly is it installed. Did you consider using the permission system of your OS to forbid the random user to change it? – Basile Starynkevitch Sep 20 '18 at 04:23
  • 1
    Actually the application doesnt need admin privilages to run..Even if we install the application in restricted path.A malicious user can copy the entire directory to some other place and still modify the batch file and run it. – Kethiri Sundar Sep 20 '18 at 04:32
  • Your application don't need admin privileges, but your script might need them (perhaps just to avoid being overwritten by the malicious user) – Basile Starynkevitch Sep 20 '18 at 04:49
  • BTW, [this](https://stackoverflow.com/a/450950/841108) answer (about a `popen` equivalent) could help. Perhaps you could "popen" the `cmd.exe` shell and feed it with your commands – Basile Starynkevitch Sep 20 '18 at 04:51
  • Learn more about [dynamic software updating](https://en.wikipedia.org/wiki/Dynamic_software_updating). I am guessing it is relevant for your concerns. – Basile Starynkevitch Sep 20 '18 at 05:26
  • "*I have an application which needs to be restarted at some defined places*" - why not design tbe app to simply shutdown the relavant pieces of code, and then restart them afterwards? For instance, move the pieces into worker threads that you can stop and start when needed. No need to restart the entire app, and thus no need for a batch file. Stop the code, perform updates, restart code. – Remy Lebeau Sep 20 '18 at 06:52
  • 1
    @RemyLebeau I have an option to update the app as well. For that I need a full application restart – Kethiri Sundar Sep 20 '18 at 06:54

0 Answers0