author: kali <kali@win> 2021-12-15 19:45:11 +0100
committer: kali kaneko (leap communications) <kali@leap.se> 2021-12-15 20:02:12 +0100
commit: e694a038c7edc146b63557425b307833b11aea57
tree: 4cef985ee8e19c040c5eedc0daf4a302a2e49bfa /branding/scripts
parent: 7ab7b8cd822dc0e4548f9cf6795567f2eeef44e1
[bug] avoid installing in custom paths

A vulnerability in QtIFW produces improper ACLs to be set when installing in custom locations. This can lead to privilege escalation if a non-privileged user overwrites the openvpn binary.

Thanks to researchers at Tenable for finding and reporting this!

Impact is considered low-medium, since an installation outside of the suggested path is needed to trigger the issue.

Privileged execution of openvpn should be abandoned in next release, in favor of the interactive service.

A bug upstream should be filed since other projects could be affected by this vulnerability too.

- Resolves: #569

Diffstat (limited to 'branding/scripts')
-rwxr-xr-x branding/scripts/gen-qtinstaller 2
1 files changed, 1 insertions, 1 deletions
diff --git a/branding/scripts/gen-qtinstaller b/branding/scripts/gen-qtinstaller
index 5b4d103..eb11d3b 100755
--- a/branding/scripts/gen-qtinstaller
+++ b/branding/scripts/gen-qtinstaller
@@ -27,7 +27,7 @@ OS_CONFIG = {
""",
'windows': """
<!-- windows -->
- <TargetDir>@ApplicationsDir@/$APPNAME</TargetDir>
+ <TargetDir>c:/Program Files (x86)/$APPNAME</TargetDir>
<StartMenuDir>$APPNAME</StartMenuDir>
<RunProgram>@TargetDir@/$BINNAME.exe</RunProgram>
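
Review bot: The new `<TargetDir>` line hard-codes `c:/Program Files (x86)`, which assumes the system drive is C: and that the host has an x86 Program Files directory. Where either assumption fails, the default itself lands outside the standard protected location, which is the case the commit message says triggers the ACL problem. This hunk also only changes the default value: nothing visible here stops a user from editing the target directory during installation, so the enforcement (hiding the target directory page, or rejecting any other path) has to live in another part of the change or be added. A short XML comment beside the line explaining why the path is fixed and referencing #569 would keep it from being reverted to `@ApplicationsDir@` later.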