[vlc-devel] [PATCH] nsis: remove unsecure options from the installer

Ludovic Fauvet etix at videolan.org
Thu Jul 5 23:42:17 CEST 2012


On Thu, Jul 5, 2012 at 11:26 PM, Rafaël Carré <funman at videolan.org> wrote:
> Le 2012-07-05 23:25, Ludovic Fauvet a écrit :
>> Because we can't efficiently drop the privileges acquired by the UAC it
>> is wise to remove the possibility for the user to start VLC or view the
>> README at the end of the installation process.
>
> Looks good to me, we have several ways of running VLC already (like
> double clicking the file that required VLC in the first place).
>
>> ---
>>  extras/package/win32/vlc.win32.nsi.in | 13 -------------
>>  1 file changed, 13 deletions(-)
>>
>> diff --git a/extras/package/win32/vlc.win32.nsi.in b/extras/package/win32/vlc.win32.nsi.in
>> index f1aebe3..1b573fc 100644
>> --- a/extras/package/win32/vlc.win32.nsi.in
>> +++ b/extras/package/win32/vlc.win32.nsi.in
>> @@ -78,21 +78,8 @@ RequestExecutionLevel user
>>    ; Instfiles page
>>      !insertmacro MUI_PAGE_INSTFILES
>>    ; Finish page
>> -
>> -    Function ExecAppFile
>> -      Exec '$INSTDIR\vlc.exe'
>> -    FunctionEnd
>> -
>> -    Function AppRunAs
>> -      !insertmacro UAC.CallFunctionAsUser ExecAppFile
>> -    FunctionEnd
>> -
>> -    !define MUI_FINISHPAGE_RUN
>> -    !define MUI_FINISHPAGE_RUN_FUNCTION AppRunAs
>>      !define MUI_FINISHPAGE_LINK $Link_VisitWebsite
>>      !define MUI_FINISHPAGE_LINK_LOCATION "http://www.videolan.org/vlc/"
>> -    !define MUI_FINISHPAGE_SHOWREADME "$INSTDIR\README.txt"
>> -    !define MUI_FINISHPAGE_SHOWREADME_NOTCHECKED
>
> We could still leave the README in the final screen (although nobody
> reads that, right?)

No, it's even worse than running VLC because the document is
opened with elevated privileges while using the file association
mechanism to select the text editor.

>
>>      !define MUI_FINISHPAGE_NOREBOOTSUPPORT
>>      !insertmacro MUI_PAGE_FINISH
>>
>>
>
>
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> http://mailman.videolan.org/listinfo/vlc-devel



-- 
Ludovic Fauvet



More information about the vlc-devel mailing list