Reported by jteh on 2009-08-23 10:09
In Windows Vista and beyond, an AT can set a uiAccess field in its manifest to specify whether it should gain additional privileges to access the UI of other applications. This is needed to access elevated applications; i.e. running as administrator. However, due to the security concerns this raises, the application must be signed with a trusted security certificate. We can't afford a cert signed by a trusted root CA at this stage. However, we have found a way to register a trusted root cert in the installer. NVDA should then use the uiAccess privilege wherever possible.
Comment 1 by jteh on 2009-10-29 03:21
Change of approach. NV Access has purchased a cert signed by a trusted root CA, so we will sign releases with that. Snapshots will not be signed, as we make no guarantees about snapshots.
A new option, --enable-uiAccess, has been added to setup.py's py2exe command to enable uiAccess for nvda.exe. This should only be used if it will subsequently be signed by a trusted cert. This hasn't yet been merged into main; bzr branch: http://bzr.nvaccess.org/nvda/uiAccess/
I have updated the build scripts to enable uiAccess and sign the executables.
We need to allow certain messages through the message filter so that Java Access Bridge will work when NVDA is running with uiAccess. Mick is working on this.
Comment 2 by jteh on 2009-11-03 08:34
We needed to make a few other changes to get this working properly. The problem is that Windows won't allow uiAccess apps to run with uiAccess if they aren't in trusted system locations. The shell can start uiAccess applications outside of these locations (but doesn't give them uiAccess privs), but running the process in other ways fails. This means that portable copies cannot have uiAccess and that the installer must use !ShellExecute to start NVDA. Also, the service has to set uiAccess in the token in order to start a uiAccess application. Finally, giving uiAccess to the 64 bit nvdaHelperRemoteLoader required using NVDA's own process token with !CreateProcessAsUser. All of these changes are in the aforementioned bzr branch and will be merged soon.
TODO: Change the build script to enable uiAccess for installer but not for portable.
Comment 3 by jteh on 2009-11-04 04:34
uiAccess branch merged in r3351.
Comment 4 by jteh on 2009-11-04 06:12
Build script updated and tested. I think this is good to go.