tailscale/util/winutil
Aaron Klotz 7adf15f90e cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support
Previously, tailscale upgrade was doing the bare minimum for checking
authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do
better:

* WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't
  determine *whose* signature is valid; tailscale upgrade should also ensure that
  the binary is actually signed *by us*.
* I added the ability to check the signatures of MSI files.
* In future PRs I will be adding diagnostic logging that lists details about
  every module (i.e., DLL) loaded into our process. As part of that metadata, I
  want to be able to extract information about who signed the binaries.

This code is modelled on some C++ I wrote for Firefox back in the day. See
https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp
for reference.

Fixes #8284

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-08-01 14:27:30 -06:00
authenticode cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support 2023-08-01 14:27:30 -06:00
policy various: add golangci-lint, fix issues (#7905) 2023-04-17 18:38:24 -04:00
mksyscall.go cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup 2023-06-01 13:39:17 -06:00
svcdiag_windows.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
winutil_notwindows.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
winutil_windows_test.go cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup 2023-06-01 13:39:17 -06:00
winutil_windows.go cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup 2023-06-01 13:39:17 -06:00
winutil.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
zsyscall_windows.go cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup 2023-06-01 13:39:17 -06:00