wix/src/dtf/SfxCA, branch bob/DecrashUtilDecompiler

wix/src/dtf/SfxCA, branch bob/DecrashUtilDecompiler A mirror of https://github.com/wixtoolset/wix.git https://git.lua4.win/wix/atom?h=bob%2FDecrashUtilDecompiler 2024-04-05T16:46:43+00:00 Ensure elevated SFXCA uses Windows Installer cache and unelevated uses Temp folder 2024-04-05T16:46:43+00:00 Rob Mensching rob@firegiant.com 2024-04-04T22:24:34+00:00 urn:sha1:681cf4a9eb6be7e4092c6e5b690773fbd8469e63 Fixes 8078 Protect elevated working folder from malicious data 2024-03-22T18:57:27+00:00 Rob Mensching rob@firegiant.com 2024-03-21T06:51:53+00:00 urn:sha1:fed3d69eb4da7fa2bafdd8f555ce5869c36925f7 When running elevated, Burn uses the Windows Temp folder as its working folder to prevent normal processes from tampering with the files. Windows Temp does allow non-elevated processes to write to the folder but they cannot see the files there. Unfortunately, contrary to our belief, non-elevated processes can read the files in Windows Temp by watching for directory changes. This allows a malicious process to lie in wait, watching the Windows Temp folder until a Burn process is launched elevated, then attack the working folder. Mitigate that attack by protecting the working folder to only elevated users. Managed custom actions also fall back to using the Windows Temp folder in some cases and thus can be exposed in a similar fashion as an elevated Burn process. Remove that possibility. Don't follow junctions when recursing directories. 2024-03-22T18:55:43+00:00 Rob Mensching rob@firegiant.com 2024-03-22T18:55:43+00:00 urn:sha1:e84b6768772c01e44dd55fb583cf78388ec7e48a When deleting directories recursively, an elevated custom action following junctions in a user-writable location could recurse into any directory, including some that you might not want to be deleted. Therefore, avoid recursing into directories that are actually junctions (aka "reparse points"). This applies to: - The RemoveFoldersEx custom action (which doesn't actually do deletions but would instruct elevated MSI to delete on your behalf). - DTF's custom action runner. Minimize calls into GitInfo by caching results during build_init 2022-11-13T15:27:49+00:00 Rob Mensching rob@firegiant.com 2022-11-11T07:35:31+00:00 urn:sha1:c8a832c931f6c34892e596a11c14e9181d5eee16 Provide managed CA and Embedded UI DTF libraries via NuGet 2022-04-01T01:01:06+00:00 Rob Mensching rob@firegiant.com 2022-03-31T18:56:14+00:00 urn:sha1:47582b162368e8edf7a3b11c13b8e9dabc5f0a26 Lots of refactoring to bring the SFX tooling back into the 'dtf' layer since they are (in the end) tightly coupled to some DTF assemblies. Also refactored the DTF tests into their own folder and added a couple integration tests to build using the new CA/UI NuGet package. Closes wixtoolset/issues#6080