Windows: Avoid launching as admin when NSIS installer ends. #12985
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This commit works around the issue by having explorer.exe launch Bitcoin Core. Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin. h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code. Fixes bitcoin#7990.
|
@ken2812221 Could you provide the basic steps you used to test this, so anyone else can recreate on a Windows VM? |
|
@fanquake I just add if bitcoin core has higher privilege, it can successfully create the directory, otherwise it crash |
|
Concept ACK - would like to see some more tested ACKs. |
|
Gitian build is here: https://bitcoin.jonasschnelli.ch/build/573 |
|
I've tested this using the method @ken2812221 suggested. Basically create a bitcoin.conf with If you then install However if you then install the gitian build provided by @jonasschnelli, and launch Core at the end of the installation, we get an exception. Looking at the debug.log, we no longer have access to |
|
@fanquake Thanks for testing. To be clear: All in all that seems a positive result? I suppose you used |
|
@laanwj Yes, I think it's a positive result. Core should not have access to write files into |
|
Right - it's similar to |
laanwj
added a commit
that referenced
this pull request
Apr 18, 2018
…nds. 7d8a8cc Avoid launching as admin when NSIS installer ends. (JeremyRand) Pull request description: The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This PR works around the issue by having `explorer.exe` launch Bitcoin Core. Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin. I've tested this with Sysinternals Process Explorer on Windows 10 32-bit. I wouldn't expect any differences in behavior on other Windows releases, but if anyone would like to test on other Windows releases, feel free. h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code. Fixes #7990. Tree-SHA512: f40d6b6e5bb72952dcfbf223b68bfeb9a03bd5638f41b1700f4651f6452ce3fe7468129f6652c4f546210a5fd2521b2574c4b6068c5aea01ed2d719a8a838cd8
Merged
|
@Michagogo I'm not sure whom at Microsoft Ericlaw talked to (he doesn't give any citation), but Microsoft has recommended the approach of using |
|
I’m not sure if launching explorer.exe with the program as an argument is
exactly equivalent to what that page describes (calling various functions
directly).
…On Thu, Apr 19, 2018 at 12:42 AM JeremyRand ***@***.***> wrote:
@Michagogo <https://github.com/Michagogo> I'm not sure whom at Microsoft
Ericlaw talked to (he doesn't give any citation), but Microsoft has
recommended
<https://blogs.msdn.microsoft.com/oldnewthing/20131118-00/?p=2643> the
approach of using explorer.exe for this.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#12985 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACcNnuY2XCFhgZWIGqt1gT0Qh3biAlPSks5tp7NDgaJpZM4TVEfn>
.
|
|
@Michagogo the Microsoft page I linked says:
So while I haven't audited the Microsoft sample code to verify that it does that (Windows C API's aren't my specialty), I think it's reasonable to infer that the Microsoft sample code matches the Microsoft description (which matches what this PR does). |
|
Windows C APIs aren’t my specialty either, so maybe someone with more
experience could weigh in, but that code definitely doesn’t just run
explorer.exe with an argument. Just by skimming it, it’s clear that it
somehow looks at the environment to get some kind of handle or something on
the running shell and call a function on that. That may, however, be
equivalent - I don’t have enough deep Windows knowledge to say for sure
what the difference is.
…On Thu, Apr 19, 2018 at 8:38 AM JeremyRand ***@***.***> wrote:
@Michagogo <https://github.com/Michagogo> the Microsoft page I linked
says:
The solution here is to go back to Explorer and ask Explorer to launch the
program for you. Since Explorer is running as the original unelevated user,
the program (in this case, the Web browser) will run as Bob.
So while I haven't audited the Microsoft sample code to verify that it
does that (Windows C API's aren't my specialty), I think it's reasonable to
infer that the Microsoft sample code matches the Microsoft description
(which matches what this PR does).
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#12985 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACcNnvgiN0-Jy6P-unbmA2Ig5JDQ7qDVks5tqCK5gaJpZM4TVEfn>
.
|
fanquake
pushed a commit
to fanquake/bitcoin
that referenced
this pull request
Apr 26, 2018
The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This commit works around the issue by having explorer.exe launch Bitcoin Core. Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin. h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code. Fixes bitcoin#7990. GitHub-Pull: bitcoin#12985 Rebased-From: 7d8a8cc
laanwj
added a commit
that referenced
this pull request
May 16, 2018
8fca086 List support for BIP173 in bips.md (Pieter Wuille) 9645aa6 Remove blockmaxsize option from init.cpp (fanquake) 7847b92 Default to defining endian-conversion DECLs in compat w/o config (Matt Corallo) 1720eb3 qt:Show the entire Window when double clicking on taskbar (Chun Kuan Lee) e055bc0 depends: Fix Qt build with XCode 9.3 (fanquake) 0684cf9 Avoid launching as admin when NSIS installer ends. (JeremyRand) e802c22 [config] Remove blockmaxsize option (John Newbery) f118a7a Fix illegal default `addProxy` and `addrSeparateProxyTor` settings. (251) f60e84d Limit the number of IPs we use from each DNS seeder (e0) Pull request description: Backports: - #12626 Limit the number of IPs addrman learns from each DNS seeder - #12650 gui: Fix issue: "default port not shown correctly in settings dialog" - #12756 [config] Remove blockmaxsize option - #12985 Windows: Avoid launching as admin when NSIS installer ends. - #12946 depends: Fix Qt build with XCode 9.3 - #12998 Default to defining endian-conversion DECLs in compat w/o config - #12999 qt: Show the Window when double clicking the taskbar icon - #13064 List support for BIP173 in bips.md to the 0.16 branch. Tree-SHA512: 3e6b47c54b2cd2bdd81fbc6176cb31e46423f6e05988984d3a09b3535e3cee101ffb071cf753a4beff3c9f0521eb5de4b7c0424a3e97da801d56b4015847ac0f
HashUnlimited
pushed a commit
to chaincoin/chaincoin
that referenced
this pull request
Jun 29, 2018
The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This commit works around the issue by having explorer.exe launch Bitcoin Core. Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin. h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code. Fixes bitcoin#7990. GitHub-Pull: bitcoin#12985 Rebased-From: 7d8a8cc
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Apr 3, 2020
…aller ends. 7d8a8cc Avoid launching as admin when NSIS installer ends. (JeremyRand) Pull request description: The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This PR works around the issue by having `explorer.exe` launch Bitcoin Core. Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin. I've tested this with Sysinternals Process Explorer on Windows 10 32-bit. I wouldn't expect any differences in behavior on other Windows releases, but if anyone would like to test on other Windows releases, feel free. h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code. Fixes bitcoin#7990. Tree-SHA512: f40d6b6e5bb72952dcfbf223b68bfeb9a03bd5638f41b1700f4651f6452ce3fe7468129f6652c4f546210a5fd2521b2574c4b6068c5aea01ed2d719a8a838cd8
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This PR works around the issue by having
explorer.exelaunch Bitcoin Core. Seems to be a similar approach to what http://nsis.sourceforge.net/ShellExecAsUser_plug-in does, but without a plugin.I've tested this with Sysinternals Process Explorer on Windows 10 32-bit. I wouldn't expect any differences in behavior on other Windows releases, but if anyone would like to test on other Windows releases, feel free.
h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code.
Fixes #7990.