Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Chocolatey Version #23

Open
KingJ opened this issue Mar 18, 2018 · 1 comment
Open

Update Chocolatey Version #23

KingJ opened this issue Mar 18, 2018 · 1 comment
Assignees
@raspi
Milestone
Next version

Comments

@KingJ
Copy link

KingJ commented Mar 18, 2018

Would it be possible to update the version on Chocolatey? It is currently 17.10.20.2236 but the latest Github release is 18.02.20.0506 which confused me a bit when I came to try and configure it via Powershell as that was only possible since 18.02.04.2335.

Many thanks!
@raspi
Copy link
Owner

raspi commented Mar 18, 2018

18.02.04.2335 is in pre-release phase. I'm currently at more in-depth security research phase for the new release version. The pre-release version has the possibility for malicious execution. For example:

Some sysadmin gets fired and they manage to edit the powershell script and add some malicious script like:

Randomly-Delete-One-File
$config = New-Object WinLLDPService.Configuration
# ...
Return $config

I'm trying to mitigate this somehow. Currently i'm thinking that the script is loaded once when the service starts and the script's contents are logged to event log. This way it can be catched.

There's some other approaches too and I'm researching those.

@raspi raspi self-assigned this Mar 18, 2018
@raspi raspi added this to the Next version milestone Mar 18, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@raspi raspi

Labels
None yet
Projects
None yet
Milestone
Next version
Development

No branches or pull requests
2 participants
@raspi @KingJ