You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Mladen Turk (JIRA)" <ji...@apache.org> on 2012/10/22 09:08:12 UTC

[jira] [Resolved] (DAEMON-245) Support privilege escalation on Windows (UAC)

     [ https://issues.apache.org/jira/browse/DAEMON-245?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mladen Turk resolved DAEMON-245.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 1.0.11

Added slightly modified prunsrv.manifest which should do the trick.
Not sure if Commons-Controls dependency is needed or not.
Thanks!
                
> Support privilege escalation on Windows (UAC)
> ---------------------------------------------
>
>                 Key: DAEMON-245
>                 URL: https://issues.apache.org/jira/browse/DAEMON-245
>             Project: Commons Daemon
>          Issue Type: New Feature
>          Components: Procrun
>    Affects Versions: 1.0.10
>         Environment: Windows Vista+
>            Reporter: Rainer Jung
>             Fix For: 1.0.11
>
>
> Windows introduced User Access Control which limits things users can do even if they are logged in as administrators. Management of services is one of those things. Usually the recommendation was to switch the UAC feature off, but it is not to hard to support UAC for procrun.
> Any binary can include information about a needed privilege escalation. If you start such a binary, the usualy Windows confirmation popup of UAC will show and you can confirm the operation.
> To support this, the manifest included in the exe files need to be enhanced. The following is an example for prunsrv:
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
> <assemblyIdentity version="3.1.0.0" processorArchitecture="*" name="Apache.Procrun.Prunsrv" type="win32"></assemblyIdentity>
> <description>Apache Procrun Service Manager</description>
> <dependency>
> <dependentAssembly>
> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
> </dependentAssembly>
> </dependency>
> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
> <security>
> <requestedPrivileges>
> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
> </requestedPrivileges>
> </security>
> </trustInfo>
> </assembly>
> I used this manifest and the same one with the string "Prunsrv" replaced by "Prunmgr" successfully on Windows 7.
> I do not know, whether such an extended manifest has negative cnsequences on older Windows.
> If accepted, the manifest should be added to both binaries. Currently only one of them contains a manifest.
> Regards,
> Rainer

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira