Note: if you extract code files out during the script generation phase then use
them during the execution phase and your deferred Custom Action is elevated,
you could be open to an elevation of rights attack. Namely, the attacker could
wait for your first custom action to lay down the DLLs to the temp drive (or
wherever) then quickly replace them with malicious code and wait for your
elevated Custom Action to execute the malicious code. The malicious code can
do whatever it wants (like add the attacker to Administrators group). This
attack is why we haven't provided such utility code in the WiX toolset.
The obvious fix (off the top of my head) is to marshal all of the DLLs code
through CustomActionData. That's kinda crazy... string encoding binary code,
but it might work. <grin/> Maybe there is an easier way.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dwyer, Shawn
Sent: Tuesday, May 06, 2008 10:00
To: Kiran Subhedar (Sogeti); Blair Murri
Cc: wix-users@lists.sourceforge.net
Subject: Re: [WiX-users] Need assistance!
We use a similar approach of storing support files in a Binary table and
extracting them to %TEMP% during a custom action. However one thing we ran
into was that during the custom actions that wanted to use these files, %TEMP%
was not the same as where we extracted them to. This was due to each msiexec
process being run under a different session, which can be the case when
installing through terminal services (remote desktop), and on Wiindows Server
2003 and 2008.
As a work around we had the 'ExtractSupportFiles' custom action also write the
path it extracted to in the registry and referenced that in later custom
actions rather than %TEMP%.
Just something to watch out for.
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kiran Subhedar
(Sogeti)
Sent: Monday, May 05, 2008 10:34 PM
To: Blair Murri
Cc: wix-users@lists.sourceforge.net
Subject: Re: [WiX-users] Need assistance!
Thanks again Blair! That's a very nice idea. Can you point me to some code or
site which can get me started?
Also I had another way (as explained in this link:
http://blog.deploymentengineering.com/2006/12/managed-code-can-access-msihandle_10.html
), using which a C++ CA will pass the MSI handle to the managed CA. In this
way the managed CA could access Binary table and execute the files. But this
means a lot of work as I need to host the CLR, then create the app domain, then
load and execute the assemblies. This indeed means a lot of work.
I liked you approach so I will give it a try.
Thanks again!
Kiran
From: Blair Murri [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 7:19 PM
To: Kiran Subhedar (Sogeti)
Cc: wix-users@lists.sourceforge.net
Subject: RE: Need assistance!
What I have seen others use is a C++ DLL CustomAction that extracts all needed
files from the Binary table to the %TEMP% directory, leaving them there, and
the deferred CAs then use/consume those files using the TEMP environment
variable to find them. If you really shouldn't leave the files around, you
could add a rollback/commit CA that erases them from the %TEMP% folder.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kiran Subhedar
(Sogeti)
Sent: Monday, May 05, 2008 7:07 PM
To: Blair Murri
Cc: wix-users@lists.sourceforge.net
Subject: Re: [WiX-users] Need assistance!
Thanks Blair! I could not use a Binary table since the executables executing
in-turn depend on one or other files. Moreover these are console applications
so they will show a pop-up when the CA is executed. Also the CA's are deferred
actions. So I think a Binary table wouldn't come to my rescue.
Thanks,
Kiran
From: Blair Murri [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 6:37 PM
To: Kiran Subhedar (Sogeti)
Cc: wix-users@lists.sourceforge.net
Subject: RE: Need assistance!
You could try using the Binary table instead of the File table to store the
support files. You would need to extract then yourself in a custom action, but
it could be the same custom action if that CA is not deferred.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kiran Subhedar
(Sogeti)
Sent: Monday, May 05, 2008 2:31 PM
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] Need assistance!
Hi,
I am having an issue over here. I am using a custom action which uses some
support files. The action is required to run both in installation and
un-installation phases. But the support files needs to be removed after
installation. That means I will require these files again during
un-installation. How can I remove files after installation and again
install\remove them after un-installation? Any help would be appreciated.
Thanks,
Kiran
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
