Bugs item #1633226, was opened at 2007-01-11 09:25
Message generated for change (Comment added) made by datallah
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100235&aid=1633226&group_id=235

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: win32
Group: 2.0.0 beta 5
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Brant Gurganus (brantgurga)
Assigned to: Daniel Atallah (datallah)
Summary: security issue with installer

Initial Comment:
The installer currently offers to launch Gaim at the end of installation. 
Because the installer requires privelige elevation, particularly in Windows 
Vista but applicable to Windows XP as well, the Gaim launched at the end of 
installation is running in the administrator's account instead of a hopefully 
limited user account. The general technique for fixing this issue is having a 
wrapper installer that can run as a limited user that launches stub installers 
for the administrative portions. By doing so, the installer launching Gaim is 
not elevated, so Gaim will not be elevated.

----------------------------------------------------------------------

>Comment By: Daniel Atallah (datallah)
Date: 2007-03-02 14:14

Message:
Logged In: YES 
user_id=325843
Originator: NO

On further analysis, I don't think this isn't a bug in the gaim installer
at all.

If there is a standard procedure for dealing with this type of scenario,
NSIS should deal with it - each installer shouldn't need to screw around
with this.  The ability to launch Gaim at the end of the installation is
something built-in to NSIS.


----------------------------------------------------------------------

Comment By: Darren W. Hill (bastian227)
Date: 2007-03-02 13:46

Message:
Logged In: YES 
user_id=763719
Originator: NO

Personally, I appreciate the submitter bringing this to everyone's
attention.  I see numerous programs making the assumption that the
administrator account and the user's account are one and the same.

Most of the issues I see with running a limited user account is not due to
the fact it is limited.  It is due to it being a different account (and
profile/registry).  To further the discussion about the Gaim installation,
I would point out that, although this is a one-time security issue, the
user's initial setup (i.e. adding IM accounts, adjusting preferences, etc.)
is modifying settings in the Administrator's profile.  The user logs out
and logs back in (as user), and all that work has to be done again.

Finally, I want to address the "clunky" Run As comment.  It's true: XP has
not made it super easy to elevate privileges, though it is much easier than
2000 and NT.  Too often I see the attitude that, if Run As is clunky, we
should just give up hope and do nothing to make it better.  Our inaction
keeps the cycle going.  For us non-programmers, all we can do is try to
educate people and submit bug reports. :)

----------------------------------------------------------------------

Comment By: Daniel Atallah (datallah)
Date: 2007-01-17 11:53

Message:
Logged In: YES 
user_id=325843
Originator: NO

I understand the issue (I did understand it from the initial submission,
and meant to comment on it, but didn't get around to it) and it is a valid
concern.

Fortunately, this not too critical for a number of reasons:
It will only apply to at most one instance per installation.
The impact to WinXP users is basically negligible since almost nobody uses
the limited accounts if they have the ability to be Admin users (the
privilege escalation through "Run As" is so clunky that just about nobody
uses it).

We should (and will) fix this, however, I don't see an easy way to do this
without some major changes to the installer and I don't have time to do
that right now.  I'm tempted to simply remove the ability to have the
installer launch gaim for now.

Patches for alternative solutions are welcome :)

----------------------------------------------------------------------

Comment By: Brant Gurganus (brantgurga)
Date: 2007-01-17 11:39

Message:
Logged In: YES 
user_id=558432
Originator: YES

No, what I am saying is this scenario:
Assume Gaim has a network-accessible buffer overflow.
Person is using Windows Vista where they are essentially always a limited
user or using Windows XP primarily as a limitd user.
Person begins a Gaim installation. As is necessary for installation,
Windows Vista prompts for elevation or installer is manually elevated in
Windows XP.
Person runs Gaim at the end of setup.

Actual result:
Gaim is running in the administrative account. Malicious person could use
the buffer overflow in Gaim to do activities requiring administrative
rights.

Expected result:
Gaim is running in limited user account. Malicious person using buffer
overflow can only affect user account.

----------------------------------------------------------------------

Comment By: Mark Doliner (thekingant)
Date: 2007-01-17 11:31

Message:
Logged In: YES 
user_id=20979
Originator: NO

And you're saying that a limited user account could replace gaim.exe with
some malicious executable?

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100235&aid=1633226&group_id=235

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Gaim-bugs mailing list
Gaim-bugs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gaim-bugs

Reply via email to