authorkali <kali@win>2021-12-15 19:45:11 +0100
committerkali kaneko (leap communications) <kali@leap.se>2021-12-15 20:02:12 +0100
commite694a038c7edc146b63557425b307833b11aea57 (patch)
tree4cef985ee8e19c040c5eedc0daf4a302a2e49bfa
parent7ab7b8cd822dc0e4548f9cf6795567f2eeef44e1 (diff)
[bug] avoid installing in custom paths
A vulnerability in QtIFW causes improper ACLs to be set when installing in custom locations. This can lead to privilege escalation if a non-privileged user overwrites the openvpn binary. Thanks to researchers at Tenable for finding and reporting this! Impact is considered low-medium, since an installation outside of the suggested path is needed to trigger the issue. Privileged execution of openvpn should be abandoned in the next release, in favor of the interactive service. A bug should be filed upstream, since other projects could be affected by this vulnerability too. -Resolves: #569
-rw-r--r--CHANGELOG1
-rw-r--r--Makefile7
-rwxr-xr-xbranding/scripts/gen-qtinstaller2
-rw-r--r--branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js1
4 files changed, 9 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index b50ddb2..982151f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ development
- Disable autostart on first run
- Provider "message of the day"
- primitive version check for windows, osx.
+- #569 avoid installing in custom paths to mitigate security issue in windows
0.21.6
diff --git a/Makefile b/Makefile
index d0d4040..e7096cc 100644
--- a/Makefile
+++ b/Makefile
@@ -178,6 +178,7 @@ ifeq (${PLATFORM}, windows)
"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-version-string CompanyName "LEAP Encryption Access Project"
"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-version-string FileDescription "${APPNAME}"
"c:\windows\system32\signtool.exe" sign -debug -f "z:\leap\LEAP.pfx" -p ${WINCERTPASS} ${QTBUILD}/release/${TARGET}.exe
+ # XXX need to deprecate helper and embrace interactive service
cp build/bin/${PLATFORM}/bitmask-helper build/bin/${PLATFORM}/bitmask-helper.exe
"c:\windows\system32\rcedit.exe" build/bin/${PLATFORM}/bitmask-helper.exe --set-file-version ${VERSION}
"c:\windows\system32\rcedit.exe" build/bin/${PLATFORM}/bitmask-helper.exe --set-product-version ${VERSION}
@@ -231,7 +232,6 @@ else
@cp ${VENDOR_PATH}/assets/icon.ico ${INST_DATA}/icon.ico
endif
@cp ${QTBUILD}/release/${TARGET}.exe ${INST_DATA}${TARGET}.exe
- # FIXME get the signed binaries with curl from openvpn downloads page.
@cp "/c/Program Files/OpenVPN/bin/openvpn.exe" ${INST_DATA}
@cp "/c/Program Files/OpenVPN/bin/"*.dll ${INST_DATA}
ifeq (${RELEASE}, yes)
@@ -243,6 +243,11 @@ else
endif
# TODO stage it to shave some time
@wget ${TAP_WINDOWS} -O ${INST_DATA}/tap-windows.exe
+ # XXX this is a workaround for missing libs after windeployqt ---
+ @cp /c/Qt/5.15.2/mingw81_64/bin/libgcc_s_seh-1.dll ${INST_DATA}
+ @cp /c/Qt/5.15.2/mingw81_64/bin/libstdc++-6.dll ${INST_DATA}
+ @cp /c/Qt/5.15.2/mingw81_64/bin/libwinpthread-1.dll ${INST_DATA}
+ @cp -r /c/Qt/5.15.2/mingw81_64/qml ${INST_DATA}
endif
ifeq (${PLATFORM}, linux)
@VERSION=${VERSION} ${SCRIPTS}/gen-qtinstaller linux ${INSTALLER}
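Review bot: The four added `cp` lines each hard-code `/c/Qt/5.15.2/mingw81_64`, so the runtime DLLs and the `qml` tree bundled into the installer come from whatever sits at that path on the build host. After a Qt upgrade the build either breaks or, if the old tree is still present, ships libraries that may no longer match the Qt the application was built against. Hoist the prefix into one overridable variable, e.g. `QT_MINGW ?= /c/Qt/5.15.2/mingw81_64`, and write the copies as `@cp ${QT_MINGW}/bin/libgcc_s_seh-1.dll ${INST_DATA}`. The `# XXX` comment could also name the windeployqt step that leaves these files out, so the workaround can be dropped once that is fixed. The enclosing `ifeq`/`else` block starts outside the hunk.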
diff --git a/branding/scripts/gen-qtinstaller b/branding/scripts/gen-qtinstaller
index 5b4d103..eb11d3b 100755
--- a/branding/scripts/gen-qtinstaller
+++ b/branding/scripts/gen-qtinstaller
@@ -27,7 +27,7 @@ OS_CONFIG = {
""",
'windows': """
<!-- windows -->
- <TargetDir>@ApplicationsDir@/$APPNAME</TargetDir>
+ <TargetDir>c:/Program Files (x86)/$APPNAME</TargetDir>
<StartMenuDir>$APPNAME</StartMenuDir>
<RunProgram>@TargetDir@/$BINNAME.exe</RunProgram>
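Review bot: The new `<TargetDir>` hard-codes both the drive letter and the folder name, so on a host whose system drive is not `c:`, or on 32-bit Windows where `Program Files (x86)` does not exist, the installer would presumably create a new directory that may not carry the protected Program Files ACLs this fix depends on. QtIFW can resolve the location itself through its predefined variables: `<TargetDir>@ApplicationsDirX86@/$APPNAME</TargetDir>` keeps the install under the real program-files folder without a literal path, though it is worth confirming the variable is available in the QtIFW version used for the build. This value is only the installer's default, so a short comment above the line pointing to #569 would explain why the path is pinned and should not be made configurable again. The `OS_CONFIG` entry starts outside the hunk.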
diff --git a/branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js b/branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js
index b97d0a7..aa3da1f 100644
--- a/branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js
+++ b/branding/templates/qtinstaller/packages/bitmaskvpn/meta/install.js
@@ -29,6 +29,7 @@ function Component() {
console.log("OS: " + systemInfo.productType);
console.log("Kernel: " + systemInfo.kernelType + "/" + systemInfo.kernelVersion);
+ installer.setDefaultPageVisible(QInstaller.TargetDirectory, false);
var validOs = false;