mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2025-12-04 15:39:34 +01:00
Prevent launch on installer finish when run as SYSTEM
* This condition will only happen when KeePassXC is installed by MECM or similar deployment tool. This prevents accidental launch on exit if the packager forgot to set LAUNCHAPPONEXIT=0 in the msiexec call. Allowing launch on exit in these conditions would potentially allow a non-privileged user to assume the role of SYSTEM through the KeePassXC application. * Fixes weakness reported by HackAndPwn, thank you!
This commit is contained in:
Jonathan White
committed by
Janek Bevendorff
Janek Bevendorff
parent
a5c9ffbef7
commit
72308a1706
@@ -121,6 +121,8 @@
|
|||||||
<SetProperty Id="AUTOSTARTPROGRAM" After="AppSearch" Value="" Sequence="first">AUTOSTARTPROGRAM="0" OR (WIX_UPGRADE_DETECTED AND NOT AUTOSTARTPROGRAM_REGISTRY)</SetProperty>
|
<SetProperty Id="AUTOSTARTPROGRAM" After="AppSearch" Value="" Sequence="first">AUTOSTARTPROGRAM="0" OR (WIX_UPGRADE_DETECTED AND NOT AUTOSTARTPROGRAM_REGISTRY)</SetProperty>
|
||||||
<SetProperty Id="ADDTOPATH" After="AppSearch" Value="" Sequence="first">ADDTOPATH="0" OR (WIX_UPGRADE_DETECTED AND NOT ADDTOPATH_REGISTRY)</SetProperty>
|
<SetProperty Id="ADDTOPATH" After="AppSearch" Value="" Sequence="first">ADDTOPATH="0" OR (WIX_UPGRADE_DETECTED AND NOT ADDTOPATH_REGISTRY)</SetProperty>
|
||||||
<SetProperty Id="LicenseAccepted" After="AppSearch" Value="1">WIX_UPGRADE_DETECTED</SetProperty>
|
<SetProperty Id="LicenseAccepted" After="AppSearch" Value="1">WIX_UPGRADE_DETECTED</SetProperty>
|
||||||
|
<!-- Prevent launch on installer exit if run as SYSTEM user -->
|
||||||
|
<SetProperty Id="LAUNCHAPPONEXIT" After="AppSearch" Value="">UserSID = "S-1-5-18"</SetProperty>
|
||||||
|
|
||||||
<FeatureRef Id="ProductFeature">
|
<FeatureRef Id="ProductFeature">
|
||||||
<ComponentRef Id="ApplicationShortcuts" />
|
<ComponentRef Id="ApplicationShortcuts" />
|
||||||
|
|||||||
Reference in New Issue
Block a user