mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
9d0af9a811
Bumps [crash-handler](https://github.com/EmbarkStudios/crash-handling) from 0.6.0 to 0.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/EmbarkStudios/crash-handling/releases">crash-handler's releases</a>.</em></p> <blockquote> <h2>crash-handler-0.6.1</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/crash-handling/pull/81">PR#81</a> resolved <a href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/79">#79</a> by adding <code>make_single_crash_event</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="d34d00bc51"><code>d34d00b</code></a> chore: Release</li> <li><a href="789c99498c"><code>789c994</code></a> Update CHANGELOGs</li> <li><a href="addf1486f8"><code>addf148</code></a> Update (<a href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/81">#81</a>)</li> <li><a href="16c2545f2a"><code>16c2545</code></a> chore: Release</li> <li><a href="955629bab9"><code>955629b</code></a> Update CHANGELOG</li> <li><a href="5e907ff389"><code>5e907ff</code></a> Add Android support for the i686 and x86-64 targets (<a href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/76">#76</a>)</li> <li><a href="14bba1b81e"><code>14bba1b</code></a> Fix using <code>crash-handler</code> under Miri (<a href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/75">#75</a>)</li> <li><a href="1db8fca031"><code>1db8fca</code></a> chore: Release</li> <li>See full diff in <a href="https://github.com/EmbarkStudios/crash-handling/compare/crash-handler-0.6.0...crash-handler-0.6.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
windows-client
This crate houses a Windows GUI client.
Setup
This is the minimal toolchain needed to compile natively for x86_64 Windows:
- Install rustup for Windows.
- Install pnpm for your platform.
Recommended IDE Setup
(From Tauri's default README)
Building
Builds are best started from the frontend tool pnpm. This ensures typescript
and css is compiled properly before bundling the application.
See the package.json script for more details as to what's
going on under the hood.
# Builds a release exe
pnpm build
# The release exe and MSI installer should be up in the workspace.
# The exe can run without being installed
stat ../target/release/Firezone.exe
stat ../target/release/bundle/msi/Firezone_0.0.0_x64_en-US.msi
Running
From this dir:
# This will start the frontend tools in watch mode and then run `tauri dev`
pnpm dev
# You can call debug subcommands on the exe from this directory too
# e.g. this is equivalent to `cargo run -- debug hostname`
cargo tauri dev -- -- debug hostname
# The exe is up in the workspace
stat ../target/debug/Firezone.exe
The app's config and logs will be stored at
C:\Users\$USER\AppData\Local\dev.firezone.client.
Platform support
Tauri says it should work on Windows 10, Version 1803 and up. Older versions may work if you manually install WebView2
x86_64 architecture is supported at this time. See
this issue for aarch64
support.
Threat model
We can split this to its own doc or generalize it to the whole project if needed.
This is prescriptive.
The Windows client app:
- SHOULD protect against the device being stolen or tampered with, if Windows is locked the entire time, and if the incident is reported quick enough that the token can be revoked
- Cannot protect against malicious / rogue users signed in to the application
- Cannot protect against malware running with the same permissions as the user
- Cannot protect against an attacker who has physical access to a device while Windows is unlocked
Where the client app does protect against attackers, "protect" is defined as:
- It should be impractical to read or write the token, while Windows is locked
- It should be impractical to change the advanced settings to point to a malicious server, while Windows is locked
Security as implemented
The Windows client's encrypted storage uses the
keyring crate, which uses Windows'
credential management API.
It's hard to find good documentation on how Windows encrypts these secrets, but as I understand it:
- They are locked by a key derived from the Windows password, so if the password has enough entropy, and Windows is locked or shut down, the passwords are not trivial to exfiltrate
- They are not readable by other users on the same computer, even when Windows is unlocked
- They are readable by any process running as the same user, while Windows is unlocked.
To defend against malware running with user permissions, we'd need to somehow identify our app to Windows and tell Windows to store our token in such a way that un-signed apps cannot read it.
Here are some sources I found while researching:
- https://www.google.com/search?hl=en&q=windows%20credential%20vault#ip=1
- https://stackoverflow.com/questions/9221245/how-do-i-store-and-retrieve-credentials-from-the-windows-vault-credential-manage
- https://security.stackexchange.com/questions/119765/how-secure-is-the-windows-credential-manager
- https://security.stackexchange.com/questions/93437/how-to-read-password-from-windows-credentials/177686#177686 https://en.wikipedia.org/wiki/Data_Protection_API
- https://passcape.com/index.php?section=docsys&cmd=details&id=28
There are at least 2 or 3 different crypto APIs in Windows mentioned in these
pages, so not every comment applies to keyring. I think DPAPI is a different
API from CredReadW which keyring uses:
1732b79aa3/src/windows.rs (L204)