Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GetTempPath known issues documentation #9462

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

GetTempPath known issues documentation #9462

wants to merge 4 commits into from

Conversation

rbhanda
Copy link
Contributor

@rbhanda rbhanda commented Aug 14, 2024

No description provided.

@rbhanda rbhanda requested a review from leecow as a code owner August 14, 2024 22:45
## .NET Servicing July 2024 update
The .NET Servicing updated released on [July](https://github.com/dotnet/announcements/issues/311) contains a security fix addressed an elevation of privilege vulnerability detailed in CVE [2024-38081](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081). The fix changed System.IO.Path.GetTempPath method return value. If windows version exposes the GetTempPath2 Win32 API, this method invokes that API and returns the resolved path. [See the Remarks section](https://learn.microsoft.com/windows/win32/api/fileapi/nf-fileapi-gettemppath2w#remarks) of the [GetTempPath2](https://learn.microsoft.com/windows/win32/api/fileapi/nf-fileapi-gettemppath2w) documentation for more information on how this resolution is performed, including how to control the return value through the use of environment variables. The GetTempPath2 API may not be available on all versions of Windows.

An observable difference between the GetTempPath and GetTempPath2 Win32 APIs is that they return different values for SYSTEM and non-SYSTEM processes. When calling this function from a process running as SYSTEM it will return the path %WINDIR%\SystemTemp, which is inaccessible to non-SYSTEM processes. This return value for SYSTEM processes cannot be overridden by environment variables. For non-SYSTEM processes, GetTempPath2 will behave the same as GetTempPath, respecting the same environment variables to override the return value.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Recommend striking these sentences. We discussed it offline, but the gist is that the statements are not 100% accurate, and we (.NET) should not make ourselves appear as the authoritative source of information for a Windows API.

When calling this function from a process running as SYSTEM it will return the path %WINDIR%\SystemTemp, which is inaccessible to non-SYSTEM processes. This return value for SYSTEM processes cannot be overridden by environment variables.

If you want to call attention to the specific problem people are having, you could couch it in point-in-time terms, like:

As of this writing (August 2024), when running as a SYSTEM-level process, environment variables like %TEMP% are not honored by the GetTempPath2 Win32 API. This could cause behavioral differences for applications which run as SYSTEM and which previously relied on the %TEMP% environment variable controlling the return value of the Path.GetTempPath API.

Copy link

@TaraOverfield TaraOverfield Aug 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@GrabYourPitchforks - Are you suggesting that we add the extra call out in the beginning or the end of the known issues section? What do you think of something like this:

The .NET Framework servicing update released on July 2024 security and quality rollup - .NET Framework contains a security fix addressed an elevation of privilege vulnerability detailed in CVE 2024-38081. The fix changed System.IO.Path.GetTempPath method return value. If windows version exposes the GetTempPath2 Win32 API, this method invokes that API and returns the resolved path. See the Remarks section of the GetTempPath2 documentation for more information on how this resolution is performed, including how to control the return value through the use of environment variables. The GetTempPath2 API may not be available on all versions of Windows.

An observable difference between the GetTempPath and GetTempPath2 Win32 APIs is that they return different values for SYSTEM and non-SYSTEM processes. As of this publishing, in August 2024, when running as a SYSTEM-level process, environment variables like %TEMP% are not honored by the GetTempPath2 Win32 API. This could cause behavioral differences for applications which run as SYSTEM and which previously relied on the %TEMP% environment variable controlling the return value of the Path.GetTempPath API. For non-SYSTEM processes, GetTempPath2 will behave the same as GetTempPath, respecting the same environment variables to override the return value.

In some scenarios it may be possible to redirect the Temp folder to a different folder using environment variables or other means. Please refer to the official documentation for the GetTempPath2 Win32 API for the most up to date information on this behavior.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Building on the suggestions from @TaraOverfield and @GrabYourPitchforks, here's my stab at it:

The .NET Framework servicing update released on July 2024 security and quality rollup - .NET Framework contains a security fix addressed an elevation of privilege vulnerability detailed in CVE 2024-38081. The fix changed System.IO.Path.GetTempPath method return value. If windows version exposes the GetTempPath2 Win32 API, this method invokes that API and returns the resolved path. See the Remarks section of the GetTempPath2 documentation for more information on how this resolution is performed. The GetTempPath2 API may not be available on all versions of Windows.

An intentional and observable difference between the GetTempPath and GetTempPath2 Win32 APIs is that they return different values for SYSTEM and non-SYSTEM processes. As of this publishing in August 2024, when running as a SYSTEM-level process, no environment variables are honored by the GetTempPath2 Win32 API. This will cause behavioral differences for applications which run as SYSTEM and previously relied on environment variables to control the drive or folder in the Path.GetTempPath return value. For non-SYSTEM processes, GetTempPath2 behavior is unchanged, respecting the same environment variables as the GetTempPath Win32 API to override the return value.

Please refer to the official documentation for the GetTempPath2 Win32 API for the most up to date information on this behavior.

-- System-wide environment variables can be set by running “sysdm.cpl” from a cmd window, and then navigating to “Advanced -> Environment variables -> System variables -> New”.

**Resolution**
The API behavior change is by design to address the elevation of privilege vulnerability. Any affected software or application is expected to make code change to adapt to this new design change.
Copy link
Member

@GrabYourPitchforks GrabYourPitchforks Aug 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any affected software or application is expected to make code change to adapt to this new design change.

This seems... hostile? Who needs to make a code change, and what type of code change are they expected to make?

Should we just strike this sentence entirely if it doesn't add value?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree the statement seems harsh. There was much discussion about the resolution prior to making the initial post. It seemed necessary to give customers a direction of what they need to do for a permanent fix other than opting out of the security changes.

Can you suggest a better way to inform customers that they should really make a code change? It seems a little light in content to leave the resolution as "The API behavior change is by design to address the elevation of privilege vulnerability."

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I'm honestly not quite sure what to put here. The reason we made the code change is that we wanted customers to be secure without them needing to modify their own code. :)

If we felt compelled to write something, maybe something like "if you know your app depends on (some env var), query that specific env var"? That's generally good practice for limiting code fragility anyway. It makes the code more closely tied to the thing it cares about rather than bouncing through an indirection and all the implementation details that might come with it.

## .NET Servicing July 2024 update
The .NET Servicing updated released on [July](https://github.com/dotnet/announcements/issues/311) contains a security fix addressed an elevation of privilege vulnerability detailed in CVE [2024-38081](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081). The fix changed System.IO.Path.GetTempPath method return value. If windows version exposes the GetTempPath2 Win32 API, this method invokes that API and returns the resolved path. [See the Remarks section](https://learn.microsoft.com/windows/win32/api/fileapi/nf-fileapi-gettemppath2w#remarks) of the [GetTempPath2](https://learn.microsoft.com/windows/win32/api/fileapi/nf-fileapi-gettemppath2w) documentation for more information on how this resolution is performed, including how to control the return value through the use of environment variables. The GetTempPath2 API may not be available on all versions of Windows.

An observable difference between the GetTempPath and GetTempPath2 Win32 APIs is that they return different values for SYSTEM and non-SYSTEM processes. When calling this function from a process running as SYSTEM it will return the path %WINDIR%\SystemTemp, which is inaccessible to non-SYSTEM processes. This return value for SYSTEM processes cannot be overridden by environment variables. For non-SYSTEM processes, GetTempPath2 will behave the same as GetTempPath, respecting the same environment variables to override the return value.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Building on the suggestions from @TaraOverfield and @GrabYourPitchforks, here's my stab at it:

The .NET Framework servicing update released on July 2024 security and quality rollup - .NET Framework contains a security fix addressed an elevation of privilege vulnerability detailed in CVE 2024-38081. The fix changed System.IO.Path.GetTempPath method return value. If windows version exposes the GetTempPath2 Win32 API, this method invokes that API and returns the resolved path. See the Remarks section of the GetTempPath2 documentation for more information on how this resolution is performed. The GetTempPath2 API may not be available on all versions of Windows.

An intentional and observable difference between the GetTempPath and GetTempPath2 Win32 APIs is that they return different values for SYSTEM and non-SYSTEM processes. As of this publishing in August 2024, when running as a SYSTEM-level process, no environment variables are honored by the GetTempPath2 Win32 API. This will cause behavioral differences for applications which run as SYSTEM and previously relied on environment variables to control the drive or folder in the Path.GetTempPath return value. For non-SYSTEM processes, GetTempPath2 behavior is unchanged, respecting the same environment variables as the GetTempPath Win32 API to override the return value.

Please refer to the official documentation for the GetTempPath2 Win32 API for the most up to date information on this behavior.

release-notes/6.0/known-issues.md Outdated Show resolved Hide resolved
@@ -2,6 +2,26 @@

You may encounter the following known issues, which may include workarounds, mitigations, or expected resolution timeframes.

## .NET Servicing July 2024 update
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once we settle on the text above, we'll of course need to replicate it into this file too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants