Uploaded image for project: 'Qt Installer Framework'
  1. Qt Installer Framework
  2. QTIFW-2789

Modifying an application by running the maintenance executable on Windows starts the app with admin rights when using <RunProgram> for the "Finish" installer page

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Not Evaluated
    • None
    • 4.3.0, 4.4.1
    • General, Tools
    • None
    • Windows 10 Enterprise
    • Windows

    Description

      Starting point:

      1) Application is installed.

      2) There is an online update available.

      3) Configuration file is using <RunProgram> to start the app after update/initial install.

       

      Action:

      1) User starts the maintenance executable for the application by clicking "Modify" on the Windows 10  "Apps and Features" settings page.

      2) User selects components for which updates are available

      3) The user clicks "Finish" on the last page of the maintenance tool. The checkbox for starting the app after the update is checked.

       

      Observation:

      1) The app is started.

      2) The app is started with administration privileges.

       

      Expected:

      1) The app is started with normal user privileges.

       

      Comments:

      I think the issue is that the maintenance executable is started by "Apps and Features" after clicking "Modify" directly with admin privileges and this privilege is given also to the app started after clicking the "Finish" button.

       

      I also observed that when the maintenance executable is started by clicking the "Uninstall" button in the "Apps and Features" settings page of Windows then the maintenance executable is started without admin rights. Now the user can still update the  application threw the started maintenance application even though the user clicked "Uninstall" on the "Apps and Features" settings page. After clicking the "Finish" button and making sure the checkbox for starting the app was checked, the updated application starts without admin privileges. Worth to mention is that the maintenance executable is asking for elevated rights in the middle of the update process. Even though the final started app does not get these privileges inherited. This is what I would expect also when clicking the "Modify" button on the Apps and Features settings page of Windows.

       

      This issue can be reproduced by modifying Online Installer Example:

      https://doc.qt.io/qtinstallerframework/qtinstallerframework-online-example.html

      For this I created a simple application by using the Visual Studio "Windows Desktop Wizard" to create an application with a window (not console). 

      I changed the Qt Installer configuration files to add this executable to the installer and changed the config file to run it by adding <RunProgram> for the executable.

      I also made sure a local web server is running and having an update.

       

       

       

       

      Attachments

        Activity

          People

            installerteam Installer Team
            strentler Christian Kolek
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: