Neil Enns wrote:
Thanks for the details, Rob. It sounds like from you write below that
the security issue exists regardless of whether the files are
temporary, correct? Any time you have an installer that writes files
to a disk, then executes them via a deferred custom action, the
vulnerability owuld be there?
No, because Program Files is a "secure" location. To write to it, you'd
already need to be admin.
In our specific case, the files we're laying down on disk are the
DirectX 9.0c redist files we need, then we execute them at the end of
our setup.
In FlightSim, I leave the files installed so I can run repair. FWIW.
--
sig://boB
http://joyofsetup.com/
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
