withinrafael 3 days ago

In July, packages were loading malicious DLLs (on Windows targets) [1]. It doesn't appear Lavamoat would help in that scenario. Is that right? If so, how do you mitigate this? Run everything in a container?

[1] https://www.crowdstrike.com/en-us/blog/crowdstrike-falcon-pr...

naugtur 3 days ago

1. Control lifecycle scripts with @lavamoat/allow-scripts

2. Do local dev with https://github.com/lavamoat/kipuka installed (I'm working on it)

3. If you don't permit the APIs used for loading DLLs they won't load themselves, so runtime protections are valid too. But I recall the DLLs were loaded in a lifecycle script.
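
Item 1 in the comment above, illustrated with an added example that is not part of the thread and is not LavaMoat's code: a Node.js audit that lists installed packages which would run code at install time and checks them against a `lavamoat.allowScripts` map in the root `package.json`. Matching entries by bare package name is a simplifying assumption, and the package names in the sample tree are constructed.

```javascript
const fs = require('node:fs'), os = require('node:os'), path = require('node:path');
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
const readJson = (file) => JSON.parse(fs.readFileSync(file, 'utf8'));

// Yield every package directory under node_modules, including @scoped and nested ones.
function* packageDirs(dir) {
  if (!fs.existsSync(dir)) return;
  for (const name of fs.readdirSync(dir)) {
    const child = path.join(dir, name);
    if (name.startsWith('@')) yield* packageDirs(child); // scope folder holds packages
    if (!fs.existsSync(path.join(child, 'package.json'))) continue;
    yield child;
    yield* packageDirs(path.join(child, 'node_modules'));
  }
}

// Compare install-time hooks with the root allowlist (assumed: keyed by bare package name).
function auditLifecycleScripts(projectRoot) {
  const allow = readJson(path.join(projectRoot, 'package.json')).lavamoat?.allowScripts ?? {};
  const findings = [];
  for (const dir of packageDirs(path.join(projectRoot, 'node_modules'))) {
    const { name, scripts = {} } = readJson(path.join(dir, 'package.json'));
    const hooks = INSTALL_HOOKS.filter((hook) => scripts[hook]);
    // npm runs node-gyp for a package with binding.gyp and no install/preinstall script.
    const implicitGyp = !scripts.install && !scripts.preinstall;
    if (implicitGyp && fs.existsSync(path.join(dir, 'binding.gyp'))) hooks.push('implicit node-gyp');
    if (hooks.length === 0) continue;
    const status = { true: 'allowed', false: 'denied' }[allow[name]] ?? 'UNREVIEWED';
    findings.push({ name, hooks, status });
  }
  return findings.sort((a, b) => (a.name < b.name ? -1 : 1));
}

// Constructed sample tree (hypothetical package names) so the audit runs offline.
function buildSampleProject() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'lifecycle-audit-'));
  const write = (rel, body) => {
    fs.mkdirSync(path.dirname(path.join(root, rel)), { recursive: true });
    fs.writeFileSync(path.join(root, rel), JSON.stringify(body));
  };
  write('package.json', { lavamoat: { allowScripts: { 'native-addon': true, 'telemetry-lib': false } } });
  write('node_modules/native-addon/package.json', { name: 'native-addon', scripts: { install: 'node-gyp rebuild' } });
  write('node_modules/telemetry-lib/package.json', { name: 'telemetry-lib', scripts: { postinstall: 'node collect.js' } });
  write('node_modules/@scope/helper/package.json', { name: '@scope/helper', scripts: { preinstall: 'node setup.js' } });
  write('node_modules/plain/package.json', { name: 'plain', scripts: { test: 'mocha' } });
  write('node_modules/plain/node_modules/gyp-only/package.json', { name: 'gyp-only' });
  write('node_modules/plain/node_modules/gyp-only/binding.gyp', {});
  return root;
}
console.table(auditLifecycleScripts(buildSampleProject()));
```

Anything reported as `UNREVIEWED` is a dependency whose install-time code nobody has decided on yet; installing with `npm install --ignore-scripts` keeps those hooks from running until it has been reviewed.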

withinrafael a day ago

Thanks, will check both out!

mike-cardwell 3 days ago

https://gitlab.com/grepular/safernode

withinrafael a day ago

Thanks, will check it out!