    Notepad++ release 8.9.6.1

    • PeterJones @Coises

      @Coises said:

      Then it seems like a “simple” implementation would be to let an empty supressRunAlertDialog.xml file work as @donho suggested, which would make it easy to create the installer checkbox he mentioned to restore old behavior.

      I am leaning towards agreeing. I like the idea of granular control from my suggestion, because some user/admin might want it; I don’t know how important it would be. OTOH, making it easy for the installer checkbox, and thus easy for users to opt out of this fix, is definitely important.

      • xomx @donho

        @donho said:

        The configuration files (config.xml, shortcuts.xml & others) could reside on any location with cloud option or by “-settingsDir=” command argument…

        So are you trying to fix a situation when a user (inadvertently) set for these N++ xml files a location, where also everyone else (instead of him or admins) has the write permission?

        • Coises @xomx

          @xomx said:

          @Coises said:
          Does this vulnerability mean that a user, by manipulating the shortcuts file (and responding OK to the prompt in 8.9.6.1), would be able to execute an arbitrary program from an arbitrary directory (as it would be executing under the control of Notepad++, which has already been whitelisted)?

          No. If an app is not on a whitelist (realized e.g. by Windows App Control for Business), it should not be executed (even from a whitelisted app).

          Or would there still be a UAC prompt that the user could not satisfy?

          This is another thing. UAC gets in the way whenever an action is required to be performed with higher than the current privileges. So if an attacker creates e.g. that config.xml “commandLineInterpreter” redirection to his “mycmd.exe”, UAC shows up e.g. if that mycmd.exe has a manifest within with higher execution level requested.

          Thank you for the clarification.

          If someone can do arbitrary writes to my Windows user profile (or persuades me to do it for him via that mentioned social engineering), then such an attacker can easily do also other mischievous things, e.g. redirecting my user environment variables like %PATH%, where I can have paths to executables…

          That’s kind of why I wondered if the vulnerability was about a form of privilege escalation. If not…

          You know, if someone gains write access to my desktop, they could replace my shortcut to Notepad++ with one that has the same name and icon but actually starts a malicious program. Shortcuts are a security risk! (/sarcasm… just in case)

          • donho @xomx

            @xomx said:

            So are you trying to fix a situation when a user (inadvertently) set for these N++ xml files a location, where also everyone else (instead of him or admins) has the write permission?

            It is not the fix provided in v8.9.6.1, but it could be considered.

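The situation raised in the exchange above, where the Notepad++ XML settings files sit in a location that other accounts can write to, can be audited with a short ACL check. This PowerShell is an added example, not part of the thread and not Notepad++ code; the function name `Test-BroadWriteAccess`, the default `%APPDATA%\Notepad++` path and the list of broad groups are assumptions.

```powershell
# Added example: list write-capable ACEs held by broad groups on a Notepad++
# settings directory and its XML files (config.xml, shortcuts.xml, ...).
# Test-BroadWriteAccess is a hypothetical helper name, not a Notepad++ feature.
function Test-BroadWriteAccess {
    param(
        # Assumption: default per-user location. Pass the cloud or
        # -settingsDir path instead when one of those is in use.
        [string]$SettingsDir = (Join-Path $env:APPDATA 'Notepad++')
    )

    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    # Only bits that let a principal alter or replace a file or its ACL.
    # Modify/FullControl are not used as a mask because they include read bits.
    $specific = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_ALL and GENERIC_WRITE can appear unmapped on inherit-only ACEs.
    $mask = [int]$specific -bor 0x10000000 -bor 0x40000000

    $targets = @(Get-Item -LiteralPath $SettingsDir) +
               @(Get-ChildItem -LiteralPath $SettingsDir -Filter '*.xml' -File)

    foreach ($item in $targets) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            # Deny ACEs are ignored, so the listing errs on the side of reporting.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broadSids -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Constructed usage; the path is a placeholder for a shared settings location:
# Test-BroadWriteAccess -SettingsDir 'D:\Shared\npp-settings' | Format-Table -AutoSize
```

An empty result means none of the listed broad groups holds a write-capable Allow entry on the directory or its XML files.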