Steve Dower <steve.do...@python.org> added the comment:

> Is there anything on our end we can do to prevent this kind of issue in the 
> future?

Probably not, I think it's just a lesson learned about the capabilities of the 
MSI format and its integration with Windows (well, we could hurry up moving 
everyone to the Windows Store, which doesn't have this issue, but that seems 
unlikely ;) )

Similar issues have been reported to the Windows Installer team (e.g. 
CVE-2021-41379, CVE-2021-26415) that could have been fixed by disabling the 
unelevated repair function, but weren't. So I think it just has to become a 
known thing for people building MSIs that a "repair" can be run by non-elevated 
users, and install-time variables may not be preserved for the repair. (In our 
case, that means actually searching for the existing install rather than 
trusting the variable our bundle normally provides to the MSI.)

----------
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue46948>
_______________________________________