the last of it?
This commit is contained in:
parent
db9cbf3fa8
commit
08cbd16d47
|
@ -52,7 +52,7 @@ namespace winrt::Microsoft::Terminal::Settings::Model
|
||||||
// - path: the path to the file to check
|
// - path: the path to the file to check
|
||||||
// Return Value:
|
// Return Value:
|
||||||
// - true if it had the expected permissions. False otherwise.
|
// - true if it had the expected permissions. False otherwise.
|
||||||
static bool _hasElevatedOnlyPermissions(const std::filesystem::path& path)
|
static bool _isOwnedByAdministrators(const std::filesystem::path& path)
|
||||||
{
|
{
|
||||||
// If the file is owned by the administrators group, trust the
|
// If the file is owned by the administrators group, trust the
|
||||||
// administrators instead of checking the DACL permissions. It's simpler
|
// administrators instead of checking the DACL permissions. It's simpler
|
||||||
|
@ -84,7 +84,7 @@ namespace winrt::Microsoft::Terminal::Settings::Model
|
||||||
{
|
{
|
||||||
if (elevatedOnly)
|
if (elevatedOnly)
|
||||||
{
|
{
|
||||||
const bool hadExpectedPermissions{ _hasElevatedOnlyPermissions(path) };
|
const bool hadExpectedPermissions{ _isOwnedByAdministrators(path) };
|
||||||
if (!hadExpectedPermissions)
|
if (!hadExpectedPermissions)
|
||||||
{
|
{
|
||||||
// delete the file. It's been compromised.
|
// delete the file. It's been compromised.
|
||||||
|
@ -204,7 +204,7 @@ namespace winrt::Microsoft::Terminal::Settings::Model
|
||||||
// If we're running in an elevated context, when this file is
|
// If we're running in an elevated context, when this file is
|
||||||
// created, it will automatically be owned by
|
// created, it will automatically be owned by
|
||||||
// Builtin\Administrators, which will pass the above
|
// Builtin\Administrators, which will pass the above
|
||||||
// _hasElevatedOnlyPermissions check.
|
// _isOwnedByAdministrators check.
|
||||||
//
|
//
|
||||||
// Programs running in an elevated context will be free to write the
|
// Programs running in an elevated context will be free to write the
|
||||||
// file, and unelevated processes will be able to read the file. An
|
// file, and unelevated processes will be able to read the file. An
|
||||||
|
@ -216,7 +216,7 @@ namespace winrt::Microsoft::Terminal::Settings::Model
|
||||||
|
|
||||||
wil::unique_hfile file{ CreateFileW(path.c_str(),
|
wil::unique_hfile file{ CreateFileW(path.c_str(),
|
||||||
GENERIC_WRITE,
|
GENERIC_WRITE,
|
||||||
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
FILE_SHARE_READ | FILE_SHARE_DELETE,
|
||||||
elevatedOnly ? &sa : nullptr,
|
elevatedOnly ? &sa : nullptr,
|
||||||
CREATE_ALWAYS,
|
CREATE_ALWAYS,
|
||||||
FILE_ATTRIBUTE_NORMAL,
|
FILE_ATTRIBUTE_NORMAL,
|
||||||
|
|
Loading…
Reference in a new issue