New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't serialize specific variables to the elevated Burn process #290

Merged
merged 2 commits into from Aug 21, 2015

Conversation

Projects
None yet
3 participants
@rseanhall
Member

rseanhall commented Aug 18, 2015

#228 allowed the unelevated Burn process to overwrite built in variables to fix 4630, but the elevated Burn process was using the ProgramFiles variables to make security decisions for ApprovedExeForElevation. So mark those variables as not to be serialized to the elevated process.

@barnson barnson added this to the v3.10 milestone Aug 18, 2015

Convert fBuiltin into an enum
Convert fBuiltin into an enum to use a whitelist instead of a blacklist for the builtin variables that the unelevated process can serialize to the elevated process.

Delete dead code.
@rseanhall

This comment has been minimized.

Show comment
Hide comment
@rseanhall

rseanhall Aug 20, 2015

Member

Updated based on yesterday's feedback. Also deleted property.h since it wasn't being used.

Member

rseanhall commented Aug 20, 2015

Updated based on yesterday's feedback. Also deleted property.h since it wasn't being used.

@@ -240,7 +242,7 @@ extern "C" HRESULT VariableInitialize(
{L"ProgramFilesFolder", InitializeVariableCsidlFolder, CSIDL_PROGRAM_FILESX86},
#else
{L"ProgramFiles64Folder", InitializeVariableRegistryFolder, CSIDL_PROGRAM_FILES},
{L"ProgramFilesFolder", InitializeVariableCsidlFolder, CSIDL_PROGRAM_FILES},
{L"ProgramFilesFolder", InitializeVariableCsidlFolder, CSIDL_PROGRAM_FILES },

This comment has been minimized.

@heaths

heaths Aug 20, 2015

Contributor

Not a big deal, but cleaner if you get rid of the now-added space. Probably just if you have any other changes to make.

@heaths

heaths Aug 20, 2015

Contributor

Not a big deal, but cleaner if you get rid of the now-added space. Probably just if you have any other changes to make.

@heaths

This comment has been minimized.

Show comment
Hide comment
@heaths

heaths Aug 20, 2015

Contributor

Looks good.

Contributor

heaths commented Aug 20, 2015

Looks good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment