Security Issue in installation

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
lynx1153

Security Issue in installation

Unread post by lynx1153 » 2019-02-05, 10:48

I believe there may be a situation at the end of installation which presents a potential security risk to users.

At the end of the installation users are offered the opportunity to "Launch Pale Moon". However, since installation requires the user to give the installer elevated permissions, launching Pale Moon from this status then means that Pale Moon itself is now running with elevated permissions.

This is not immediately obvious to end users unless they have to select a privileged account to perform the installation, in which case they will then have the settings, history, bookmarks etc of the privileged account (which is itself another potential security risk where the installation is performed by an administrator who also does not realise that launching Pale Moon in this way could provide the end user with access to admin functions).

Until the end of installation "Launch Pale Moon" option can use the original logged-on users credentials I feel it should be disabled.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35479
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Security Issue in installation

Unread post by Moonchild » 2019-02-05, 11:49

Interesting report but i don't think there's an issue here.
The execution drops the elevated status when executing the browser .exe from an elevated process. The UAC plugin is used for this in the installer which calls the unelevated "outer" process to launch the browser instead of the elevated "inner" process that has been used to install the browser. See UAC::ExecCodeSegment which is used in this case to launch the browser from a function that is run in the user-privileged, not admin-privileged, environment.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

lynx1153

Re: Security Issue in installation

Unread post by lynx1153 » 2019-02-05, 12:02

Oh dear, it used to be an issue in some earlier version.

That will teach me to check that it is still doing what it used to do before reporting!

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35479
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Security Issue in installation

Unread post by Moonchild » 2019-02-05, 12:44

lynx1153 wrote:Oh dear, it used to be an issue in some earlier version.
That must have been a very very old version in that case because this installer code hasn't been changed for a very long time.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked