From 553bd47e8171fd4f15e062e4faf734e32002f6fb Mon Sep 17 00:00:00 2001
From: Anthony Bilinski
Date: Wed, 2 Mar 2022 20:20:46 -0800
Subject: [PATCH] fix(Windows): Restrict non-default install directory permissions

Installations to Program Files (default) inherit restrictive permissions, disallowing regular users from writing to files in the install location. If a user installs to other directories with more lax permissions though, i.e. C:\, the install directory can be writable by non-admins, causing a privilege escalation opportunity. An unprivileged user could modify or replace the qTox binary or a dll, that would then be run by any other user on the system.

Clone Program Files permissions rather than trying to craft sane permissions manually for simplicity and compatibility.
---
 windows/qtox.nsi   | 20 ++++++++++++++++++++
 windows/qtox64.nsi | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/windows/qtox.nsi b/windows/qtox.nsi index 676cefdb7..701fb21c9 100644 --- a/windows/qtox.nsi +++ b/windows/qtox.nsi
@@ -206,6 +206,26 @@ FunctionEnd ;Uninstall log file missing. LangString UninstLogMissing ${LANG_ENGLISH} "${UninstLog} not found!$\r$\nUninstallation cannot proceed!" + Section "Create install directory" + CreateDirectory "$INSTDIR" + nsExec::ExecToStack 'icacls "$PROGRAMFILES64" /save "$TEMP\program-files-permissions.txt"' + Pop $0 # return value/error/timeout + Pop $1 # printed text, up to ${NSIS_MAX_STRLEN} + FileOpen $0 "$TEMP\program-files-permissions.txt" r + FileReadUTF16LE $0 $1 1024 + FileReadUTF16LE $0 $2 1024 + FileClose $0 + DetailPrint "First read line is: $1" + DetailPrint "Second read line is: $2" + FileOpen $0 "$TEMP\qTox-install-file-permissions.txt" w + FileWriteUTF16LE $0 "$INSTDIR" + FileWriteUTF16LE $0 "$\r$\n" + DetailPrint "Writing to file: $2" + FileWriteUTF16LE $0 "$2" + FileClose $0 + nsExec::Exec 'icacls "" /restore "$TEMP\qTox-install-file-permissions.txt"' + SectionEnd + Section -openlogfile CreateDirectory "$INSTDIR" IfFileExists "$INSTDIR\${UninstLog}" +3 diff --git a/windows/qtox64.nsi b/windows/qtox64.nsi index 0796650ef..8e3f3168b 100755 --- a/windows/qtox64.nsi +++ b/windows/qtox64.nsi 
@@ -206,6 +206,26 @@ FunctionEnd ;Uninstall log file missing. LangString UninstLogMissing ${LANG_ENGLISH} "${UninstLog} not found!$\r$\nUninstallation cannot proceed!" + Section "Create install directory" + CreateDirectory "$INSTDIR" + nsExec::ExecToStack 'icacls "$PROGRAMFILES64" /save "$TEMP\program-files-permissions.txt"' + Pop $0 # return value/error/timeout + Pop $1 # printed text, up to ${NSIS_MAX_STRLEN} + FileOpen $0 "$TEMP\program-files-permissions.txt" r + FileReadUTF16LE $0 $1 1024 + FileReadUTF16LE $0 $2 1024 + FileClose $0 + DetailPrint "First read line is: $1" + DetailPrint "Second read line is: $2" + FileOpen $0 "$TEMP\qTox-install-file-permissions.txt" w + FileWriteUTF16LE $0 "$INSTDIR" + FileWriteUTF16LE $0 "$\r$\n" + DetailPrint "Writing to file: $2" + FileWriteUTF16LE $0 "$2" + FileClose $0 + nsExec::Exec 'icacls "" /restore "$TEMP\qTox-install-file-permissions.txt"' + SectionEnd + Section -openlogfile CreateDirectory "$INSTDIR" IfFileExists "$INSTDIR\${UninstLog}" +3
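Review bot: In the windows/qtox.nsi hunk, the closing `nsExec::Exec 'icacls "" /restore ...'` call never has its exit code popped or checked, and the same is true of the earlier `nsExec::ExecToStack` save and both `FileOpen` calls, so if any step fails the installer carries on into a directory that still has the lax permissions the commit message describes. Suggest popping the `nsExec::Exec` result, comparing it with 0, and aborting or at least warning on failure. The return value popped into `$0` after `ExecToStack` should also be tested before `FileOpen` overwrites it with a file handle, and `$2` should be checked for being non-empty before it is written out as the ACL line. A short comment explaining why the directory argument to `/restore` is the empty string while the full `$INSTDIR` is written as the entry name in the ACL file would help, since the section depends on how icacls joins the two.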
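Review bot: In the windows/qtox64.nsi hunk, `CreateDirectory "$INSTDIR"` does nothing when the chosen directory already exists, and the restore file holds a single entry for the directory itself, so anything already inside a pre-existing, writable `$INSTDIR` keeps its old ACL. Suggest either refusing or warning on a non-empty existing directory, or documenting that only the directory entry is reset. The two files under `$TEMP` (`program-files-permissions.txt` and `qTox-install-file-permissions.txt`) also use fixed names and are never deleted; `GetTempFileName` plus a `Delete` after the `/restore` call would avoid leaving them behind or picking up a stale one from an earlier run. Finally, this section is a line-for-line copy of the one added to windows/qtox.nsi; moving it into a shared `.nsh` include would keep the two installers from drifting apart on a security-relevant step.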