Re: [WiX-users] C# custom action to grant builtin user the installation folder full control

Tue, 16 Jul 2013 12:08:13 -0700 

Hi, Edwin,



Thanks for your advice.



For the final product, we only give full control to authenicated users.  Now, I 
just want to study the C# custom action.



I have another strange finding while using the custom action, I have no idea 
why???



        [CustomAction]

        public static ActionResult GrantEveryOneFullAccessToFolder(Session 
session)

        {



            String installDir = @"C:\Installer\TestFolder";

            SetFullControl(installDir);   //this line works, it gives folder 
full control.



            String installDir2 = session["INSTALLDIR"];

            SetFullControl(installDir2);  //this line DOES NOT WORK,



            return ActionResult.Success;

        }



Any clue?



Regards,



JC

___________________________________________________________________________

Jianxin Chen | Senior Software Engineer

Baker Hughes | Software / Intelligent Production Systems

jianxin.c...@bakerhughes.com

Office: +1 713.934.4136

14990 Yorktown Plaza Drive, Houston, 77040

http://www.bakerhughes.com | Advancing Reservoir Performance



-----Original Message-----
From: Edwin Castro [mailto:egca...@gmail.com]
Sent: Tuesday, July 16, 2013 1:22 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] C# custom action to grant builtin user the 
installation folder full control



Deferred custom actions must be scheduled between InstallInitialize and 
InstallFinalize to execute within the installation transaction and thus 
elevated.



Prefer to use 
PermissionEx<http://wix.sourceforge.net/manual-wix3/util_xsd_permissionex.htm>instead

of writing your own custom action.



Reconsider giving builtin\users full control of your target installation 
folder. This is a huge security hole that will allow attackers to inject 
arbitrary code into your application by copying a file to the application's 
directory.







On Tue, Jul 16, 2013 at 10:59 AM, Chen, Jianxin < 
jianxin.c...@bakerhughes.com<mailto:jianxin.c...@bakerhughes.com>> wrote:



> Hi, Experts,

>

> I created a C# custom action to grant the builtin\users full control

> of the installation target folder, but I have to run the "setup.exe as

> administrator" to make it work.

>

> If I just double-click the setup.exe, my custom action does not have

> the permission to change the folder.

>

> I have tried to use

>

> 1                 <CustomAction Id="GrantFullAccessToFolder"

> Execute="deferred" Impersonate="no" Return="check"

>  BinaryKey="GrantFullAccessToFolder.CA.dll" DllEntry="

> GrantFullAccessToFolder "/>

>

> ...

> <Custom Action="GrantFullAccessToFolder"  After="InstallFinalize">NOT

> Installed</Custom>

>

>

>

> 2       <Package InstallerVersion="301" Compressed="yes" ...

> InstallPrivileges="elevated"  InstallScope="perMachine" />

>

>

> They does not work!

>

> Any questions?

>

> Thanks!

>

> JC

> ______________________________________________________________________

> _____ Jianxin Chen | Senior Software Engineer Baker Hughes | Software

> / Intelligent Production Systems

> jianxin.c...@bakerhughes.com<mailto:jianxin.c...@bakerhughes.com<mailto:jianxin.c...@bakerhughes.com%3cmailto:jianxin.c...@bakerhughes.com>>

> Office: +1 713.934.4136

> 14990 Yorktown Plaza Drive, Houston, 77040

> http://www.bakerhughes.com<http://www.bakerhughes.com/<http://www.bakerhughes.com%3chttp:/www.bakerhughes.com/>>
>  | Advancing

> Reservoir Performance

>

>

> ----------------------------------------------------------------------

> -------- See everything from the browser to the database with

> AppDynamics Get end-to-end visibility with application monitoring from

> AppDynamics Isolate bottlenecks and diagnose root cause in seconds.

> Start your free trial of AppDynamics Pro today!

> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.c

> lktrk _______________________________________________

> WiX-users mailing list

> WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net>

> https://lists.sourceforge.net/lists/listinfo/wix-users

>







--

Edwin G. Castro

------------------------------------------------------------------------------

See everything from the browser to the database with AppDynamics Get end-to-end 
visibility with application monitoring from AppDynamics Isolate bottlenecks and 
diagnose root cause in seconds.

Start your free trial of AppDynamics Pro today!

http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk

_______________________________________________

WiX-users mailing list

WiX-users@lists.sourceforge.net<mailto:WiX-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/wix-users
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users

Reply via email to