From eac2aa7fad5513e85efbd9b0876d58c4cbf2a803 Mon Sep 17 00:00:00 2001
From: "Brian R. Bondy"
Date: Sun, 22 Jan 2012 16:18:15 -0500
Subject: [PATCH] Bug 719066 - Callback application should relaunch with the same privileges it had last. r=rstrong
---
 toolkit/mozapps/update/updater/updater.cpp | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index 87b75761bc1b..48d6a284d543 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -1591,10 +1591,6 @@ int NS_main(int argc, NS_tchar **argv)
 gSourcePath = argv[1];
 #ifdef XP_WIN
- // Disable every privilege we don't need. Processes started using
- // CreateProcess will use the same token as this process.
- UACHelper::DisablePrivileges(NULL);
-
 bool useService = false;
 bool testOnlyFallbackKeyExists = false;
 bool noServiceFallback = getenv("MOZ_NO_SERVICE_FALLBACK") != NULL;
@@ -1714,6 +1710,23 @@ int NS_main(int argc, NS_tchar **argv)
 sizeof(elevatedLockFilePath)/sizeof(elevatedLockFilePath[0]),
 NS_T("%s/update_elevated.lock"), argv[1]);
+
+ // Even if a file has no sharing access, you can still get its attributes
+ bool startedFromUnelevatedUpdater =
+ GetFileAttributesW(elevatedLockFilePath) != INVALID_FILE_ATTRIBUTES;
+
+ // If we're running from the service, then we were started with the same
+ // token as the service so the permissions are already dropped. If we're
+ // running from an elevated updater that was started from an unelevated
+ // updater, then we drop the permissions here. We do not drop the
+ // permissions on the originally called updater because we use its token
+ // to start the callback application.
+ if(startedFromUnelevatedUpdater) {
+ // Disable every privilege we don't need. Processes started using
+ // CreateProcess will use the same token as this process.
+ UACHelper::DisablePrivileges(NULL);
+ }
+
 if (updateLockFileHandle == INVALID_HANDLE_VALUE ||
 (useService && testOnlyFallbackKeyExists && noServiceFallback)) {
 if (!_waccess(elevatedLockFilePath, F_OK) &&
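Review bot: `startedFromUnelevatedUpdater` treats every `GetFileAttributesW` failure as "lock file absent", so an elevated updater whose lookup fails for another reason (access denied, a bad path built from `argv[1]`) skips `UACHelper::DisablePrivileges(NULL)` and keeps its full token for the rest of the run. Because this patch also removes the unconditional drop at the top of `NS_main`, the gate should fail closed and skip the drop only when the file is definitely missing, e.g. `DWORD attrs = GetFileAttributesW(elevatedLockFilePath);` followed by `bool startedFromUnelevatedUpdater = attrs != INVALID_FILE_ATTRIBUTES || (GetLastError() != ERROR_FILE_NOT_FOUND && GetLastError() != ERROR_PATH_NOT_FOUND);`. The comment's statement that a service-launched updater already runs with reduced privileges depends on code outside this diff, so it is worth pointing to where the service drops them or asserting it here. `NS_main` begins and ends outside the hunk.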