Notepad++ v8.8.2 Release Candidate
-
@donho said in Notepad++ v8.8.2 Release Candidate:
SHA256 of components are checked before they are loaded:
Then it’s ok, indeed.
Please correct me if I am wrong but it’s ok only until someone will not refresh the CIA idea to distribute (MITM or fake N++ installers) modified notepad++.exe & nppPluginList.dll files (now, without the certs preventing modification, it will be an easy target for a covert malicious use…)
-
@donho said in Notepad++ v8.8.2 Release Candidate:
- Add feature to set read-only attribute on file so user can toggle (set/remove) read-only attribute of a file.
Just fixed one (probably long standing) related issue:
fix toggleReadOnlyFlagFromFileAttributes when invalid file attribute(s) or insufficient user rights #16733
(for STR just create with admin-rights e.g. the C:\Program Files\test-RO.txt file and set its R/O-attribute, then open it as a non-admin in N++ and try to toggle (in older N++ use the “Clear Read-Only Flag” menu item) that read-only file attribute, then check it in Explorer or simply Alt-Tab from/to N++ and see that the tab R/O-state is back as the file read-only attribute removing failed due to insufficient rights…)
-
Just fixed one (probably long standing) related issue:
Merged into master now. Thank you.
I will add the warning message then update to the RC3.
Please correct me if I am wrong but it’s ok only until someone will not refresh the CIA idea to distribute (MITM or fake N++ installers) modified notepad++.exe & nppPluginList.dll files (now, without the certs preventing modification, it will be an easy target for a covert malicious use…)
You’re not wrong. But even with the code signing protection, people can still do code signing on their home-made Notepad++ installer to gain the trust. I admit it’s much harder though.
-
@donho said in Notepad++ v8.8.2 Release Candidate:
I will add the warning message
Ok.
Just FYI - I have in progress (so far so good, I’m already using it, it just needs to be tested more) a native N++ replacement for the deprecated NppSaveAsAdminPlugin. My concept used there will allow an easy addition of another N++ ops requiring the UAC-prompt elevation. That’s why I left this comment in my above fix when the SetFileAttributes failed -
// probably the ERROR_ACCESS_DENIED (5) (TODO: UAC-prompt candidate)
One more thing - I don’t think I would be the only one here who would offer to share the costs of getting the new certificate so that you don’t have to finance it only yourself. Just say so if needed.
-
FYI, RC3, in which a bug of new feature “Read-only attribute in Windows” is fixed, is available now - you can download it from the 1st post.
-
Just FYI - I have in progress (so far so good, I’m already using it, it just needs to be tested more) a native N++ replacement for the deprecated NppSaveAsAdminPlugin. My concept used there will allow an easy addition of another N++ ops requiring the UAC-prompt elevation.
So is it also a plugin, or is it a piece of code? It’ll be very helpful for saving, which is part of the core functions in Notepad++. Though I consider toggling the R/O file attribute flag a helper and not part of the core functions, it’s still nice to have.
One more thing - I don’t think I would be the only one here who would offer to share the costs of getting the new certificate so that you don’t have to finance it only yourself. Just say so if needed.
Thank you! And thank you guys willing to contribute to the cost of the new certificate!
In fact, before leaving X, I tweeted about the certificate expiration issue, and DigiCert (I believe someone from their marketing team) has responded positively, offering a free of charge certificate. Thanks to their generosity, I haven’t had to pay for a code signing certificate in the past 9 years:
However, the validation process is another story. It’s not the first time the name “Notepad++” has been rejected - I do understand the validation team’s position. But every single time I have had to communicate, negotiate, beg and/or shout on Twitter to gain a certificate issued under the name “Notepad++”. This circle repeats every 3 years, and frankly, I’m getting tired of it.
So thank you again for your kind & noble offer. Even if I had to pay for the certificate, it’s not about the money - it’s about signing our code under the name “Notepad++”. I believe we at least deserve that much.
-
@donho said in Notepad++ v8.8.2 Release Candidate:
So is it also a plugin or it’s a piece of code?
N++ own code.
I was starting to get tired of constantly checking the correct setup combinations for my N++ (backup snapshots ON/OFF vs N++ run as admin/non-admin, drag&drop for elevated vs non-elevated etc…) while editing system files etc.
I don’t like using that plugin not only because it messes with the FlushFileBuffers WINAPI, but also because it uses interprocess pipes and a custom unsigned external NppAdminAccess.exe app, which then manifests itself like this:
At first I was thinking about a new similar small but signed “npp-uac.exe” app, but then I thought - why not use the existing signed notepad++.exe for this! I will not pollute this thread more, but it is a relatively simple PR and moreover it has the power to cover different N++ ops and not only the Save one as the NppSaveAsAdmin plugin (so e.g. adding a new #UAC-TOGGLE-R/O-ATTRIBUTE# should then be easy):
What you see above is Save-op N++ attempt, which is now in fact:
- detecting ERROR_ACCESS_DENIED while trying to open N++ output file for writing
- redirecting standard N++ output to a temp-location file (otherwise using the same file writing code as is now)
- requesting UAC-elevated op by calling the runas ShellExecuteEx on N++ with special params (will be handled later by slightly modified wWinMain)
- at the very start of wWinMain, the elevated N++ process detects it is a UAC-op request and not the usual N++ launching and does the requested op (in this case it will do a simple CopyFile temp2destination + DeleteFile(temp)) and immediately exits
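The Save-op flow above, as an added PowerShell illustration (not Notepad++ code and not xomx’s PR): the script relaunches itself elevated with a special op argument, the elevated copy handles only that op at its very start and exits, and the same dispatch also carries the #UAC-TOGGLE-R/O-ATTRIBUTE# op mentioned earlier, re-reading the real attribute afterwards instead of trusting the request (the point of the #16733 fix). The parameter names, op names and temp-file naming are assumptions.

```powershell
# Added illustration of the self-elevating "UAC-op" pattern (not Notepad++ code).
# Normal run: do the op; on access denied, stage data in a temp file and relaunch
# this same script elevated (the ShellExecuteEx "runas" equivalent). Elevated run:
# handle only the requested op at the very start, then exit. All names are assumed.
param([string]$UacOp, [string]$Source, [string]$Target)
function Toggle-ReadOnlyAttr([string]$Path) {
    $attr = [System.IO.File]::GetAttributes($Path)
    [System.IO.File]::SetAttributes($Path, $attr -bxor [System.IO.FileAttributes]::ReadOnly)
}
if ($UacOp) {                          # elevated instance: no UI, one op, then exit
    switch ($UacOp) {
        'SAVE'      { Copy-Item -LiteralPath $Source -Destination $Target -Force
                      Remove-Item -LiteralPath $Source -Force }
        'TOGGLE-RO' { Toggle-ReadOnlyAttr $Target }
        default     { exit 2 }
    }
    exit 0
}
function Invoke-ElevatedOp([string]$Op, [string]$Src, [string]$Dst) {
    # -Verb RunAs raises the UAC prompt; declining it makes Start-Process throw.
    $cmd = "-NoProfile -File `"$PSCommandPath`" -UacOp $Op -Source `"$Src`" -Target `"$Dst`""
    try {
        $p = Start-Process powershell.exe -ArgumentList $cmd -Verb RunAs -Wait -PassThru
        return $p.ExitCode
    } catch { return 1 }
}
function Save-Document([string]$Path, [string]$Content) {
    try {
        [System.IO.File]::WriteAllText($Path, $Content)        # the usual write path
        return 'saved'
    } catch [System.UnauthorizedAccessException] {             # ERROR_ACCESS_DENIED (5)
        $tmp = Join-Path $env:TEMP ("uac-save-" + [guid]::NewGuid() + ".tmp")
        [System.IO.File]::WriteAllText($tmp, $Content)         # stage to an unprotected location
        if ((Invoke-ElevatedOp 'SAVE' $tmp $Path) -eq 0) { return 'saved-elevated' }
        Remove-Item -LiteralPath $tmp -Force -ErrorAction SilentlyContinue
        return 'failed'
    }
}
function Switch-ReadOnly([string]$Path) {
    try { Toggle-ReadOnlyAttr $Path }
    catch [System.UnauthorizedAccessException] { [void](Invoke-ElevatedOp 'TOGGLE-RO' '' $Path) }
    # Report the attribute as it really is now, not as requested (the #16733 lesson).
    return (([System.IO.File]::GetAttributes($Path) -band [System.IO.FileAttributes]::ReadOnly) -ne 0)
}
# Constructed usage: a file under Program Files that a non-admin cannot normally modify.
Save-Document 'C:\Program Files\test-RO.txt' "edited at $(Get-Date)"
Switch-ReadOnly 'C:\Program Files\test-RO.txt'
```

The elevated instance acts on whatever paths it is handed, so a real implementation should validate them before copying or changing attributes, exactly as any runas helper must.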
-
@donho said in Notepad++ v8.8.2 Release Candidate:
the name “Notepad++” has been rejected - I do understand the validation team’s position. But every single time I have had to communicate, negotiate, beg and/or shout on Twitter to gain a certificate issued under the name “Notepad++”.
Did you consider establishing an “empty-shell” non-profit “Notepad++” company or association just for the N++ cert’s purposes? IDK how it works in France, but I think it will only involve a one-time registration + a new associated bank account, otherwise no tax payments etc…
-
@xomx said in Notepad++ v8.8.2 Release Candidate:
requesting UAC-elevated op by calling the runas ShellExecuteEx on N++ with special params (will be handled later by slightly modified wWinMain)
There will always be a UAC popup or am I missing some details?
-
IDK if I understand your question point.
With the current N++ (and without the NppSaveAsAdmin plugin), if one tries saving to a “rights-protected” file, the following situation depends on some N++ settings:
- With backup-snapshots ON and “Always in multi-inst” OFF, N++ cleverly uses its active backup-snapshot engine to store the current tab/filebuffer edits to its unprotected Backup location and then asks the user whether they want to proceed to a (PERMANENTLY!) elevated N++ instance (the original non-elevated one will be closed):
then with Yes-answer the UAC popup:
then (and notice that despite all those previous dialogs asking the user for something, the edits still haven’t been saved and are waiting for the user to press e.g. the Save button again!, not saying that the Scintilla Change History feature is discontinued):
- But with “Always in multi-inst” ON, N++ launches as admin BUT WITHOUT the current tab/filebuffer changes! A similar problem occurs when “Always in multi-inst” is OFF but backup-snapshots is OFF too. In these two cases, you will have to switch back to the original running N++ instance and copy your tab/filebuffer changes to the launched “-multiInst” admin N++ instance.
Not only is it all very confusing and inconvenient for the users, but IMO it is also prone to serious mistakes.
My new native N++ UAC-op implementation will only do the originally requested op that was denied due to insufficient rights, and then the elevated N++ instance immediately exits, leaving the user in the original N++ instance as if nothing special happened. It will not depend on any N++ backup-snapshot or multi-inst setting (all the UAC-ops will be executed at the very start of N++ wWinMain, thus not influenced at all by the N++ mutex stuff). Also, a separate project for an N++ signed “NppAdminAccess.exe” UAC elevation helper will not be needed.
-
@xomx said in Notepad++ v8.8.2 Release Candidate:
My new native N++ UAC-op implementation will only do the originally requested op that was denied due to insufficient rights, and then the elevated N++ instance immediately exits, leaving the user in the original N++ instance as if nothing special happened.
OK. Please do a PR when you think it’s ready.
-
@xomx said in Notepad++ v8.8.2 Release Candidate:
Did you consider establishing an “empty-shell” non-profit “Notepad++” company or association just for the N++ cert’s purposes? IDK how it works in France, but I think it will only involve a one-time registration + a new associated bank account, otherwise no tax payments etc…
In France an “empty shell” company is illegal, as in a lot of countries. A non-profit association OTOH is one of the possibilities. I’m checking the document/info for registering the association.
Otherwise, an announcement has been made:
https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/
which might help the situation (or not).
-
@donho said in Notepad++ v8.8.2 Release Candidate:
Non-profit association OTOH is one of the possibilities. I’m checking the document/info for registering the association.
Thank you for undertaking this unnecessary bureaucracy, which only distracts you from the coding. As if you had nothing else to do.
@Coises has a very good note about it here: “I hate the way it makes second (or third, or twentieth) class citizens of independent developers and open source projects.”
-
FYI, the note of 8.8.2 RC has been updated.
-
FYI, 8.8.2 RC3 (npp.8.8.2.Installer.x64.exe) was blocked by Norton 360:
-
Non-profit association OTOH is one of the possibilities. I’m checking the document/info for registering the association.
I’ll try to fun-lighten this annoying matter for you a bit.
If the rules for obtaining an individual personal certificate state that it must be for a real living person and his/her name, why not take advantage of the opportunity to go to the registry office (I think it’s “état civil” in France(?)) and change your name instead! So no more “Don Ho” but from now on the “Mr. Notepad++” ;-)
I really hope that the registration and affiliation process is “lighter” in France than in my country (I could write a blog post about, sigh). Wish you (and also all of us N++ users) quick success.
-
@xomx
Thank you for the encouragement with joke.
(I could write a blog post about, sigh)
Seriously, because of the situation I encounter, I have thought to launch a project of a certificate authority which issues only to open source projects with the project name. It’s an idea that is hard to realize. But if someone finds a way to do it, I’ll do my contribution.
BTW, in https://github.com/notepad-plus-plus/notepad-plus-plus/issues/16744#issuecomment-3004905304, you have said:
Unfortunately - every N++ installer v8.8.1 and older is suffering from this vulnerability and the upcoming fixed v8.8.2 cannot be digitally signed for now. Tough decision.
That’s a fair description. What I have truly felt is a picture: my head has already got stuck between the bars of a metal gate (no more certificate), and a huge strong guy (vulnerability) smiles at me evilly, walks around to go behind me and pulls his pants down slowly…
But I might have a solution.
-
@donho said in Notepad++ v8.8.2 Release Candidate:
a project of a certificate authority which issues only to open source projects with the project name
if someone finds a way to do it, I’ll do my contribution
I can only offer my own experience from a different country (I am currently the “chairman” of a small non-profit association founded for one specific purpose only, so not so far from your intended purpose).
We did:
- named our association with a unique name (you - “Notepad++”)
- have drawn up the required statutes of our association (more or less Copy/Paste + some edit from our government muster - check your local authorities for it)
- organized the founding meeting of the association (you - the only person in the association == easy, do it only formally == on the paper)
- approved the program of the founding meeting, approved the board of directors, and then our chairman (ditto above, only a paper work for you, you will be member, board and director in one person)
- made a record of everything, all of us signed it and sent it to the appropriate state authorities for registration, together with the required forms, where we e.g. had to state bank account No. of the future association and its address (you - just use your personal address in France, at least we could)
Then there was some usual haggling with the authorities but in the end we succeeded (after a month or so). From that moment on, I’m doing most of the obligatory association bureaucracy things only on paper.
After you become such a one-person association, you apply as its legal representative for a certificate within the name of that association, but now finally for a legal entity called “Notepad++”.
It’s a stretch, but if you really want to, it’s doable. You might be able to find someone to do all this for you for a fee. Unfortunately, we couldn’t find anyone, so we fought through it ourselves.