mirrors/rufus
1
0
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2025-05-31 23:08:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[fido] add additional Authenticode validation before running the script

Browse source 
* This basically means that the script is validate *TWICE*, using two
  completely independent signatures, before it is allowed to run, which
  should add another mitigation layer against TOCTOU (which we already
  friggin' mitigated against anyway) and other potential vectors of
  attack.
* Also remove -DisableFirstRunCustomize option and the associated cookie
  prompt monitoring, which the latest version of Fido no longer requires.
* Also update WDK version for signtool and flesh out PKI error messages.
This commit is contained in:
Pete Batard 2021-05-27 00:18:05 +01:00
parent 3083324a0e
commit f26fd2fbe3
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
8 changed files with 63 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

2
_sign.cmd
View file

@ -1,3 +1,3 @@
@echo off
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x64\signtool" sign /v /sha1 9ce9a71ccab3b38a74781b975f1c228222cf7d3b /fd SHA256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp %1
"C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool" sign /v /sha1 9ce9a71ccab3b38a74781b975f1c228222cf7d3b /fd SHA256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp %1
exit