I'm not having any luck finding a link to his message but the logic went 
something like this....
   
  During a managed/elevated install an administrator has blessed (usually /jm)
a package and a non-priv user invokes the package with /i. The UI is not
elevated but the execute / non-impersonated CA's are elevated. When Type1
CA's execute they are extracted as a random filename tmp file and immediately
consumed by the sandbox process. If that DLL has a dependency, MSI doesn't
support it. If someone was to extract that file out for the life of the
install and then consume that file by the Type 1 CA you could theoretically
have a situation where the user could tamper with the extracted file and inject
untrusted code into the elevated process.
   
  I understand what he's saying... but on a security vs usability perspective
(and the reality that most packages are never serviced this way even though the
platform was designed for it) I choose to support this scenario. The WiX
toolset on the other hand chooses not to.
   
  I hope that makes sense. BTW, you've helped me in the past with MSBuild/TFS.
Thank you for your help.
   
  Chris
  

Neil Enns <[EMAIL PROTECTED]> wrote:
I'm not sure I understand
the concern. My setup already lays the files down on disk and consumes them. I 
just want to be able to remove them after setup is complete, so they don't 
stick around taking space on the user's machine.
   
  Neil
   
    
---------------------------------
  From: Christopher Painter [EMAIL PROTECTED]
Sent: Thursday, May 15, 2008 6:30 PM
To: Neil Enns; wix-users@lists.sourceforge.net
Subject: Re: [WiX-users] Temporary files in WiX?


  
  Another reason why I have to use a different tool. Everyone in the WiX
world has to roll their own equivalent to InstallShield's ISSetupFile table
(actions ISSetupFilesExtract and ISSetupFilesCleanup). Again, this seems to
be driven by philosophy as Rob recently posted a whole explanation saying he's
concerned about man in the middle style attacks if a file was extracted and
then consumed by an elevated setup. His preferred solution seems to be that
the MSI team support companion files in the CA sandbox but it's very unlikely
that they will ever write that.

Neil Enns <[EMAIL PROTECTED]> wrote:
Is
there such a thing as temporary files during a wix install? We’re shipping some 
redist installers as part of our installer, and they only need to be on the end 
user’s machine for the duration of install. What’s the right way in WiX to 
indicate they’re temporary and should be cleaned up after install is finished? 
   
  Thanks!
   
  Neil

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
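
The extract-then-consume window discussed in this thread, modeled as an added Python example (not code from the thread, WiX or InstallShield). The file name, payload and `between` hook are constructed; a real MSI custom action loads a DLL rather than reading bytes, so this only shows why verifying a file by path and re-opening it later is weaker than verifying the exact bytes that get used.

```python
import hashlib
import os
import tempfile

# Constructed stand-in for a support file shipped inside the package.
PAYLOAD = b"constructed stand-in for an extracted helper binary"
EXPECTED_SHA256 = hashlib.sha256(PAYLOAD).hexdigest()


def extract(directory):
    """Write the payload to disk, as an 'extract support files' step would."""
    path = os.path.join(directory, "helper.bin")  # hypothetical file name
    with open(path, "wb") as f:
        f.write(PAYLOAD)
    return path


def consume_by_path(path, between=None):
    """Check-then-use by name: verify the file, then re-open the path later."""
    with open(path, "rb") as f:
        verified = hashlib.sha256(f.read()).hexdigest() == EXPECTED_SHA256
    if between:
        between(path)  # models everything that happens during the install
    if not verified:
        raise ValueError("digest mismatch")
    with open(path, "rb") as f:  # second open: contents may have changed
        return f.read()


def consume_verified_bytes(path, between=None):
    """Read once, verify those bytes, and use only those same bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if between:
        between(path)  # changes made now cannot affect `data`
    if hashlib.sha256(data).hexdigest() != EXPECTED_SHA256:
        raise ValueError("digest mismatch")
    return data


def modify_file(path):
    """Constructed stand-in for a change made while the file sits on disk."""
    with open(path, "wb") as f:
        f.write(b"modified after verification")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        used = consume_by_path(extract(d), between=modify_file)
        print("by path, used original bytes:", used == PAYLOAD)
    with tempfile.TemporaryDirectory() as d:
        used = consume_verified_bytes(extract(d), between=modify_file)
        print("verified bytes, used original bytes:", used == PAYLOAD)
```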

  



       