fix(Windows): Restrict non-default install directory permissions

Installations to Program Files (default) inherit restrictive permissions, disallowing regular users from writing to files in the install location. If a user installs to other directories with more lax permissions though, i.e. C:\, the install directory can be writable by non-admins, causing a privilege escalation opportunity. An unprivileged user could modify or replace the qTox binary or a dll, that would then be run by any other user on the system. Clone Program Files permissions rather than trying to craft sane permissions manually for simplicity and compatibility.
4 years ago · 553bd47e81
2 changed files with 40 additions and 0 deletions
--- a/windows/qtox.nsi
+++ b/windows/qtox.nsi
@ -206,6 +206,26 @@ FunctionEnd
				@@ -206,6 +206,26 @@ FunctionEnd
  ;Uninstall log file missing.
    LangString UninstLogMissing ${LANG_ENGLISH} "${UninstLog} not found!$\r$\nUninstallation cannot proceed!"

+  Section "Create install directory"
+    CreateDirectory "$INSTDIR"
+    nsExec::ExecToStack 'icacls "$PROGRAMFILES64" /save "$TEMP\program-files-permissions.txt"'
+    Pop $0 # return value/error/timeout
+    Pop $1 # printed text, up to ${NSIS_MAX_STRLEN}
+    FileOpen $0 "$TEMP\program-files-permissions.txt" r
+      FileReadUTF16LE $0 $1 1024
+      FileReadUTF16LE $0 $2 1024
+    FileClose $0
+    DetailPrint "First read line is: $1"
+    DetailPrint "Second read line is: $2"
+    FileOpen $0 "$TEMP\qTox-install-file-permissions.txt" w
+      FileWriteUTF16LE  $0 "$INSTDIR"
+      FileWriteUTF16LE  $0 "$\r$\n"
+      DetailPrint "Writing to file: $2"
+      FileWriteUTF16LE  $0 "$2"
+    FileClose $0
+    nsExec::Exec 'icacls "" /restore "$TEMP\qTox-install-file-permissions.txt"'
+  SectionEnd
+
  Section -openlogfile
    CreateDirectory "$INSTDIR"
    IfFileExists "$INSTDIR\${UninstLog}" +3
--- a/windows/qtox64.nsi
+++ b/windows/qtox64.nsi
@ -206,6 +206,26 @@ FunctionEnd
				@@ -206,6 +206,26 @@ FunctionEnd
  ;Uninstall log file missing.
    LangString UninstLogMissing ${LANG_ENGLISH} "${UninstLog} not found!$\r$\nUninstallation cannot proceed!"

+  Section "Create install directory"
+    CreateDirectory "$INSTDIR"
+    nsExec::ExecToStack 'icacls "$PROGRAMFILES64" /save "$TEMP\program-files-permissions.txt"'
+    Pop $0 # return value/error/timeout
+    Pop $1 # printed text, up to ${NSIS_MAX_STRLEN}
+    FileOpen $0 "$TEMP\program-files-permissions.txt" r
+      FileReadUTF16LE $0 $1 1024
+      FileReadUTF16LE $0 $2 1024
+    FileClose $0
+    DetailPrint "First read line is: $1"
+    DetailPrint "Second read line is: $2"
+    FileOpen $0 "$TEMP\qTox-install-file-permissions.txt" w
+      FileWriteUTF16LE  $0 "$INSTDIR"
+      FileWriteUTF16LE  $0 "$\r$\n"
+      DetailPrint "Writing to file: $2"
+      FileWriteUTF16LE  $0 "$2"
+    FileClose $0
+    nsExec::Exec 'icacls "" /restore "$TEMP\qTox-install-file-permissions.txt"'
+  SectionEnd
+
  Section -openlogfile
    CreateDirectory "$INSTDIR"
    IfFileExists "$INSTDIR\${UninstLog}" +3