Context Navigation

Modify ↓

#9587 closed defect (fixed)

JOSM runs with elevated permissions when run from the end of the installer

Reported by:	DeeHants	Owned by:	team
Priority:	normal	Milestone:	14.08
Component:	Installer Windows	Version:	tested
Keywords:	uac elevation	Cc:

Description

What steps will reproduce the problem?

Download and run the JOSM installer for Win32 (6502 currently)
Select to run JOSM at the end of the installer
JOSM runs elevated with full admin access

What is the expected result?
JOSM should run unelevated

What happens instead?
JOSM runs elevated.

Please provide any additional information below. Attach a screenshot if
possible.
Not only is this an increased attack surface (not saying that JOSM is insecure), but it can
also cause issues accessing data on mapped drives, or even the local user profile if the
original user is not an admin user at all.

Repository Root: http://josm.openstreetmap.de/svn
Build-Date: 2013-12-19 23:53:53
Last Changed Author: simon04
Revision: 6502
Repository UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
URL: http://josm.openstreetmap.de/svn/trunk
Last Changed Date: 2013-12-19 22:48:46 +0100 (Thu, 19 Dec 2013)
Last Changed Rev: 6502

Identification: JOSM/1.5 (6502 en_GB) Windows 8 32-Bit
Memory Usage: 50 MB / 494 MB (12 MB allocated, but free)
Java version: 1.7.0_25, Oracle Corporation, Java HotSpot(TM) Client VM
VM arguments: [-Xms16m, -Xmx512m]

Plugin: AddrInterpolation (30034)
Plugin: DirectDownload (30102)
Plugin: FixAddresses (29971)
Plugin: OpeningHoursEditor (30117)
Plugin: gpxfilter (29854)
Plugin: imagery_offset_db (29832)
Plugin: imageryadjust (29854)
Plugin: notes (v0.8)
Plugin: openstreetbugs (30004)
Plugin: tagging-preset-tester (30017)
Plugin: turnrestrictions (30145)

Attachments (0)

Change History (3)

comment:1 by Don-vip, 10 years ago

Milestone:	→ 14.08

comment:2 by Don-vip, 10 years ago

Useful reading: http://www.klopfenstein.net/lorenz.aspx/simple-nsis-installer-with-user-execution-level

comment:3 by Don-vip, 10 years ago

Resolution:	→ fixed
Status:	new → closed

Fixed in [o30581]:

[josm_nsis] fix #josm9587 - JOSM runs with elevated permissions when run from the end of the installer:

update to MUI2
proper UAC handling (requires admin privileges)
locale update, proper use of $\r and $\n
fix typo in French translation
use of stdutils nsis plugin to launch JOSM as user in MUI_FINISHPAGE (ansi version until we switch to unicode installer later with NSIS 3)

Modify Ticket

Change Properties

Summary:
Type:		Priority:
Milestone:		Component:
Version:		Keywords:
Cc:	Set your email in Preferences

Action

leave as closed The owner will remain team.

change resolution as The resolution will be set.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: