Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Windows: Avoid launching as admin when NSIS installer ends. #12985
The Bitcoin Core NSIS script runs with elevated privileges. Unfortunately, this means that it launches Bitcoin Core itself with elevated privileges when the user chooses to launch Bitcoin Core at the end of the installation procedure. This PR works around the issue by having
I've tested this with Sysinternals Process Explorer on Windows 10 32-bit. I wouldn't expect any differences in behavior on other Windows releases, but if anyone would like to test on other Windows releases, feel free.
h/t to "UK" at https://mdb-blog.blogspot.se/2013/01/nsis-lunch-program-as-user-from-uac.html?showComment=1410158039989#c2463780017054126736 for the sample code.
I've tested this using the method @ken2812221 suggested. Basically create a bitcoin.conf with
However if you then install the gitian build provided by @jonasschnelli, and launch Core at the end of the installation, we get an exception. Looking at the debug.log, we no longer have access to
Apr 18, 2018
1 check passed
added a commit
this pull request
Apr 18, 2018
I’m not sure if launching explorer.exe with the program as an argument is exactly equivalent to what that page describes (calling various functions directly).…
On Thu, Apr 19, 2018 at 12:42 AM JeremyRand ***@***.***> wrote: @Michagogo <https://github.com/Michagogo> I'm not sure whom at Microsoft Ericlaw talked to (he doesn't give any citation), but Microsoft has recommended <https://blogs.msdn.microsoft.com/oldnewthing/20131118-00/?p=2643> the approach of using explorer.exe for this. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#12985 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACcNnuY2XCFhgZWIGqt1gT0Qh3biAlPSks5tp7NDgaJpZM4TVEfn> .
@Michagogo the Microsoft page I linked says:
So while I haven't audited the Microsoft sample code to verify that it does that (Windows C API's aren't my specialty), I think it's reasonable to infer that the Microsoft sample code matches the Microsoft description (which matches what this PR does).
Windows C APIs aren’t my specialty either, so maybe someone with more experience could weigh in, but that code definitely doesn’t just run explorer.exe with an argument. Just by skimming it, it’s clear that it somehow looks at the environment to get some kind of handle or something on the running shell and call a function on that. That may, however, be equivalent - I don’t have enough deep Windows knowledge to say for sure what the difference is.…
On Thu, Apr 19, 2018 at 8:38 AM JeremyRand ***@***.***> wrote: @Michagogo <https://github.com/Michagogo> the Microsoft page I linked says: The solution here is to go back to Explorer and ask Explorer to launch the program for you. Since Explorer is running as the original unelevated user, the program (in this case, the Web browser) will run as Bob. So while I haven't audited the Microsoft sample code to verify that it does that (Windows C API's aren't my specialty), I think it's reasonable to infer that the Microsoft sample code matches the Microsoft description (which matches what this PR does). — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#12985 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACcNnvgiN0-Jy6P-unbmA2Ig5JDQ7qDVks5tqCK5gaJpZM4TVEfn> .