Modify

Opened 5 years ago

Closed 5 years ago

#9587 closed defect (fixed)

JOSM runs with elevated permissions when run from the end of the installer

Reported by: DeeHants Owned by: team
Priority: normal Milestone: 14.08
Component: Installer Windows Version: tested
Keywords: uac elevation Cc:

Description

What steps will reproduce the problem?

  1. Download and run the JOSM installer for Win32 (6502 currently)
  2. Select to run JOSM at the end of the installer
  3. JOSM runs elevated with full admin access

What is the expected result?
JOSM should run unelevated

What happens instead?
JOSM runs elevated.

Please provide any additional information below. Attach a screenshot if
possible.
Not only is this an increased attack surface (not saying that JOSM is insecure), but it can
also cause issues accessing data on mapped drives, or even the local user profile if the
original user is not an admin user at all.

Repository Root: http://josm.openstreetmap.de/svn
Build-Date: 2013-12-19 23:53:53
Last Changed Author: simon04
Revision: 6502
Repository UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
URL: http://josm.openstreetmap.de/svn/trunk
Last Changed Date: 2013-12-19 22:48:46 +0100 (Thu, 19 Dec 2013)
Last Changed Rev: 6502

Identification: JOSM/1.5 (6502 en_GB) Windows 8 32-Bit
Memory Usage: 50 MB / 494 MB (12 MB allocated, but free)
Java version: 1.7.0_25, Oracle Corporation, Java HotSpot(TM) Client VM
VM arguments: [-Xms16m, -Xmx512m]

Plugin: AddrInterpolation (30034)
Plugin: DirectDownload (30102)
Plugin: FixAddresses (29971)
Plugin: OpeningHoursEditor (30117)
Plugin: gpxfilter (29854)
Plugin: imagery_offset_db (29832)
Plugin: imageryadjust (29854)
Plugin: notes (v0.8)
Plugin: openstreetbugs (30004)
Plugin: tagging-preset-tester (30017)
Plugin: turnrestrictions (30145)

Attachments (0)

Change History (3)

comment:1 Changed 5 years ago by Don-vip

Milestone: 14.08

comment:3 Changed 5 years ago by Don-vip

Resolution: fixed
Status: newclosed

Fixed in [o30581]:

[josm_nsis] fix #josm9587 - JOSM runs with elevated permissions when run from the end of the installer:

  • update to MUI2
  • proper UAC handling (requires admin privileges)
  • locale update, proper use of $\r and $\n
  • fix typo in French translation
  • use of stdutils nsis plugin to launch JOSM as user in MUI_FINISHPAGE (ansi version until we switch to unicode installer later with NSIS 3)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.