New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use uiAccess in Windows Vista and beyond #397

Closed
nvaccessAuto opened this Issue Jan 1, 2010 · 4 comments

Comments

Projects
None yet
2 participants
@nvaccessAuto

nvaccessAuto commented Jan 1, 2010

Reported by jteh on 2009-08-23 10:09
In Windows Vista and beyond, an AT can set a uiAccess field in its manifest to specify whether it should gain additional privileges to access the UI of other applications. This is needed to access elevated applications; i.e. running as administrator. However, due to the security concerns this raises, the application must be signed with a trusted security certificate. We can't afford a cert signed by a trusted root CA at this stage. However, we have found a way to register a trusted root cert in the installer. NVDA should then use the uiAccess privilege wherever possible.

@nvaccessAuto

This comment has been minimized.

nvaccessAuto commented Jan 1, 2010

Comment 1 by jteh on 2009-10-29 03:21
Change of approach. NV Access has purchased a cert signed by a trusted root CA, so we will sign releases with that. Snapshots will not be signed, as we make no guarantees about snapshots.

A new option, --enable-uiAccess, has been added to setup.py's py2exe command to enable uiAccess for nvda.exe. This should only be used if it will subsequently be signed by a trusted cert. This hasn't yet been merged into main; bzr branch: http://bzr.nvaccess.org/nvda/uiAccess/

I have updated the build scripts to enable uiAccess and sign the executables.

We need to allow certain messages through the message filter so that Java Access Bridge will work when NVDA is running with uiAccess. Mick is working on this.

@nvaccessAuto

This comment has been minimized.

nvaccessAuto commented Jan 1, 2010

Comment 2 by jteh on 2009-11-03 08:34
We needed to make a few other changes to get this working properly. The problem is that Windows won't allow uiAccess apps to run with uiAccess if they aren't in trusted system locations. The shell can start uiAccess applications outside of these locations (but doesn't give them uiAccess privs), but running the process in other ways fails. This means that portable copies cannot have uiAccess and that the installer must use !ShellExecute to start NVDA. Also, the service has to set uiAccess in the token in order to start a uiAccess application. Finally, giving uiAccess to the 64 bit nvdaHelperRemoteLoader required using NVDA's own process token with !CreateProcessAsUser. All of these changes are in the aforementioned bzr branch and will be merged soon.

TODO: Change the build script to enable uiAccess for installer but not for portable.

@nvaccessAuto

This comment has been minimized.

nvaccessAuto commented Jan 1, 2010

Comment 3 by jteh on 2009-11-04 04:34
uiAccess branch merged in r3351.

@nvaccessAuto

This comment has been minimized.

nvaccessAuto commented Jan 1, 2010

Comment 4 by jteh on 2009-11-04 06:12
Build script updated and tested. I think this is good to go.
Changes:
State: closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment