[jira] [Resolved] (DAEMON-245) Support privilege escalation on Windows (UAC)

Mon, 22 Oct 2012 00:08:17 -0700 

     [ 
https://issues.apache.org/jira/browse/DAEMON-245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mladen Turk resolved DAEMON-245.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 1.0.11

Added slightly modified prunsrv.manifest which should do the trick.
Not sure if Commons-Controls dependency is needed or not.
Thanks!
                
> Support privilege escalation on Windows (UAC)
> ---------------------------------------------
>
>                 Key: DAEMON-245
>                 URL: https://issues.apache.org/jira/browse/DAEMON-245
>             Project: Commons Daemon
>          Issue Type: New Feature
>          Components: Procrun
>    Affects Versions: 1.0.10
>         Environment: Windows Vista+
>            Reporter: Rainer Jung
>             Fix For: 1.0.11
>
>
> Windows introduced User Access Control which limits things users can do even 
> if they are logged in as administrators. Management of services is one of 
> those things. Usually the recommendation was to switch the UAC feature off, 
> but it is not to hard to support UAC for procrun.
> Any binary can include information about a needed privilege escalation. If 
> you start such a binary, the usualy Windows confirmation popup of UAC will 
> show and you can confirm the operation.
> To support this, the manifest included in the exe files need to be enhanced. 
> The following is an example for prunsrv:
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
> <assemblyIdentity version="3.1.0.0" processorArchitecture="*" 
> name="Apache.Procrun.Prunsrv" type="win32"></assemblyIdentity>
> <description>Apache Procrun Service Manager</description>
> <dependency>
> <dependentAssembly>
> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" 
> version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" 
> language="*"></assemblyIdentity>
> </dependentAssembly>
> </dependency>
> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
> <security>
> <requestedPrivileges>
> <requestedExecutionLevel level="requireAdministrator" 
> uiAccess="false"></requestedExecutionLevel>
> </requestedPrivileges>
> </security>
> </trustInfo>
> </assembly>
> I used this manifest and the same one with the string "Prunsrv" replaced by 
> "Prunmgr" successfully on Windows 7.
> I do not know, whether such an extended manifest has negative cnsequences on 
> older Windows.
> If accepted, the manifest should be added to both binaries. Currently only 
> one of them contains a manifest.
> Regards,
> Rainer

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to