X-Spam-Check-By:	sourceware.org
Date:	Fri, 15 Dec 2006 21:53:01 +0100
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	Re: Vista & coreutils (or any other package)
Message-ID:	<20061215205301.GA8345@calimero.vinschen.de>
Reply-To:	cygwin AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
References:	<20061214152631 DOT GK9829 AT calimero DOT vinschen DOT de> <4582CB6A DOT 6000301 AT byu DOT net>
Mime-Version:	1.0
In-Reply-To:	<4582CB6A.6000301@byu.net>
User-Agent:	Mutt/1.4.2.2i
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Unsubscribe:	<mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

On Dec 15 09:20, Eric Blake wrote:
> According to Corinna Vinschen on 12/14/2006 8:26 AM:
> > http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1020271&SiteID=1&mode=1
> 
> Oh. My.  Well, as I maintain coreutils, and don't have access to Vista, I
> will have a very tough time testing any "workarounds" to this blatant bug.
>  Deciding that a file is a "security risk" purely on its metadata is
> absolutely wrong - it is the contents that matter, and not the file name.

You got this slightly wrong.  It's not about deciding whether an
executable is a security risk or not, it's about starting installer
software automatically with admin privileges by recognizing them
using a "heuristic"...

Anyway, I just made a quick test with the manifest file and, as Brian
already mentioned, it's actually very simple.

Create a text file "install.manifest" with this content

=== SNIP ===
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0"
     processorArchitecture="X86"
     name="install.exe"
     type="win32"/>

  <!-- Identify the application security requirements. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"/>
        </requestedPrivileges>
       </security>
  </trustInfo>
</assembly>
=== SNAP ===

The version number can be any version number as long as it has four
groups of digits, apparently.  I tried with a version number "6.4"
and it failed to work.  A version number of "6.4.0.0" is ok, though.

Now create an install.rc file with this content:

=== SNIP ===
1 24 MOVEABLE PURE "install.manifest"
=== SNAP ===

Then, attach the resource like this:

$ windres install.rc install.rc.o
$ ld -o install.exe /usr/bin/install.exe install.rc.o

and the new install.exe in your local directory has a manifest which
results in normal, expected behaviour in Vista.  Of course you can
add the resource file to the normal link stage, too.  But for testing
it was simpler to relink the executable with the additional resource
file.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -