mirror of
https://github.com/mborgerson/xemu.git
synced 2025-12-01 16:10:01 +00:00
07ce178a2b
The custom action uses cmd.exe to run VSS Service installation and removal which causes an interactive command shell to spawn. This shell can be used to execute any commands as a SYSTEM user. Even if call qemu-ga.exe directly the interactive command shell will be spawned as qemu-ga.exe is a console application and used by users from the console as well as a service. As VSS Service runs from DLL which contains the installer and uninstaller code, it can be run directly by rundll32.exe without any interactive command shell. Add specific entry points for rundll which is just a wrapper for COMRegister/COMUnregister functions with proper arguments. resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423 fixes: CVE-2023-0664 (part 2 of 2) Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Reported-by: Brian Wiltse <brian.wiltse@live.com>
179 lines
8.6 KiB
XML
179 lines
8.6 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
|
|
<?if $(var.Arch) = "64"?>
|
|
<?define ArchLib=libgcc_s_seh-1.dll?>
|
|
<?define GaProgramFilesFolder="ProgramFiles64Folder" ?>
|
|
<?else?>
|
|
<?if $(var.Arch) = "32"?>
|
|
<?define ArchLib=libgcc_s_dw2-1.dll?>
|
|
<?define GaProgramFilesFolder="ProgramFilesFolder" ?>
|
|
<?else?>
|
|
<?error Unexpected Arch value $(var.Arch)?>
|
|
<?endif?>
|
|
<?endif?>
|
|
|
|
<Product
|
|
Name="QEMU guest agent"
|
|
Id="*"
|
|
UpgradeCode="{EB6B8302-C06E-4BEC-ADAC-932C68A3A98D}"
|
|
Manufacturer="$(var.QEMU_GA_MANUFACTURER)"
|
|
Version="$(var.QEMU_GA_VERSION)"
|
|
Language="1033">
|
|
<?if $(var.Arch) = 32 ?>
|
|
<Condition Message="Error: 32-bit version of Qemu GA can not be installed on 64-bit Windows.">NOT VersionNT64</Condition>
|
|
<?endif?>
|
|
<Package
|
|
Manufacturer="$(var.QEMU_GA_MANUFACTURER)"
|
|
InstallerVersion="200"
|
|
Languages="1033"
|
|
Compressed="yes"
|
|
InstallScope="perMachine"
|
|
/>
|
|
<Media Id="1" Cabinet="qemu_ga.$(var.QEMU_GA_VERSION).cab" EmbedCab="yes" />
|
|
<Property Id="WHSLogo">1</Property>
|
|
<Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />
|
|
<MajorUpgrade
|
|
DowngradeErrorMessage="Error: A newer version of QEMU guest agent is already installed."
|
|
/>
|
|
|
|
<Directory Id="TARGETDIR" Name="SourceDir">
|
|
<Directory Id="$(var.GaProgramFilesFolder)" Name="QEMU Guest Agent">
|
|
<Directory Id="qemu_ga_directory" Name="Qemu-ga">
|
|
<Component Id="qemu_ga" Guid="{908B7199-DE2A-4DC6-A8D0-27A5AE444FEA}">
|
|
<File Id="qemu_ga.exe" Name="qemu-ga.exe" Source="$(var.BUILD_DIR)/qga/qemu-ga.exe" KeyPath="yes" DiskId="1"/>
|
|
<ServiceInstall
|
|
Id="ServiceInstaller"
|
|
Type="ownProcess"
|
|
Vital="yes"
|
|
Name="QEMU-GA"
|
|
DisplayName="QEMU Guest Agent"
|
|
Description="QEMU Guest Agent"
|
|
Start="auto"
|
|
Account="LocalSystem"
|
|
ErrorControl="ignore"
|
|
Interactive="no"
|
|
Arguments="-d --retry-path"
|
|
>
|
|
</ServiceInstall>
|
|
<ServiceControl Id="StartService" Start="install" Stop="both" Remove="uninstall" Name="QEMU-GA" Wait="yes" />
|
|
</Component>
|
|
<?ifdef var.InstallVss?>
|
|
<Component Id="libstdc++_6_lib" Guid="{55E737B5-9127-4A11-9FC3-A29367714574}">
|
|
<File Id="libstdc++-6.lib" Name="libstdc++-6.dll" Source="$(var.BIN_DIR)/libstdc++-6.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="qga_vss_dll" Guid="{CB19C453-FABB-4BB1-ABAB-6B74F687BFBB}">
|
|
<File Id="qga_vss.dll" Name="qga-vss.dll" Source="$(var.BUILD_DIR)/qga/vss-win32/qga-vss.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="qga_vss_tlb" Guid="{D8D584B1-59C2-4FB7-A91F-636FF7BFA66E}">
|
|
<File Id="qga_vss.tlb" Name="qga-vss.tlb" Source="$(var.BUILD_DIR)/qga/vss-win32/qga-vss.tlb" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<?endif?>
|
|
<?if $(var.Arch) = "32"?>
|
|
<Component Id="gspawn-helper-console" Guid="{446185B3-87BE-43D2-96B8-0FEFD9E8696D}">
|
|
<File Id="gspawn-win32-helper-console.exe" Name="gspawn-win32-helper-console.exe" Source="$(var.BIN_DIR)/gspawn-win32-helper-console.exe" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="gspawn-helper" Guid="{CD67A5A3-2DB1-4DA1-A67A-8D71E797B466}">
|
|
<File Id="gspawn-win32-helper.exe" Name="gspawn-win32-helper.exe" Source="$(var.BIN_DIR)/gspawn-win32-helper-console.exe" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<?endif?>
|
|
<?if $(var.Arch) = "64"?>
|
|
<Component Id="gspawn-helper-console" Guid="{9E615A9F-349A-4992-A5C2-C10BAD173660}">
|
|
<File Id="gspawn-win64-helper-console.exe" Name="gspawn-win64-helper-console.exe" Source="$(var.BIN_DIR)/gspawn-win64-helper-console.exe" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="gspawn-helper" Guid="{D201AD22-1846-4E4F-B6E1-C7A908ED2457}">
|
|
<File Id="gspawn-win64-helper.exe" Name="gspawn-win64-helper.exe" Source="$(var.BIN_DIR)/gspawn-win64-helper-console.exe" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<?endif?>
|
|
<Component Id="iconv" Guid="{35EE3558-D34B-4F0A-B8BD-430FF0775246}">
|
|
<File Id="iconv.dll" Name="iconv.dll" Source="$(var.BIN_DIR)/iconv.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="libgcc_arch_lib" Guid="{ADD4D07D-4515-4AB6-AF3E-C904961B4BB0}">
|
|
<File Id="libgcc_arch_lib" Name="$(var.ArchLib)" Source="$(var.BIN_DIR)/$(var.ArchLib)" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="libglib" Guid="{D31BFD83-2773-4B65-B45A-E0D2ADA58679}">
|
|
<File Id="libglib_2.0_0.dll" Name="libglib-2.0-0.dll" Source="$(var.BIN_DIR)/libglib-2.0-0.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="libintl" Guid="{A641BC2D-A907-4A94-9149-F30ED430878F}">
|
|
<File Id="libintl_8.dll" Name="libintl-8.dll" Source="$(var.BIN_DIR)/libintl-8.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="libssp" Guid="{7880087B-02B4-4EF6-A5D3-D18F8E3D90E1}">
|
|
<File Id="libssp_0.dll" Name="libssp-0.dll" Source="$(var.BIN_DIR)/libssp-0.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<Component Id="libwinpthread" Guid="{6C117C78-0F47-4B07-8F34-6BEE11643829}">
|
|
<File Id="libwinpthread_1.dll" Name="libwinpthread-1.dll" Source="$(var.BIN_DIR)/libwinpthread-1.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<?if $(var.LIBPCRE) = "libpcre1"?>
|
|
<Component Id="libpcre" Guid="{7A86B45E-A009-489A-A849-CE3BACF03CD0}">
|
|
<File Id="libpcre_1.dll" Name="libpcre-1.dll" Source="$(var.BIN_DIR)/libpcre-1.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<?else?>
|
|
<Component Id="libpcre" Guid="{F92A3804-B59C-419D-8F29-99A30352C156}">
|
|
<File Id="libpcre2_8_0.dll" Name="libpcre2-8-0.dll" Source="$(var.BIN_DIR)/libpcre2-8-0.dll" KeyPath="yes" DiskId="1"/>
|
|
</Component>
|
|
<?endif?>
|
|
<Component Id="registry_entries" Guid="{D075D109-51CA-11E3-9F8B-000C29858960}">
|
|
<RegistryKey Root="HKLM"
|
|
Key="Software\$(var.QEMU_GA_MANUFACTURER)\$(var.QEMU_GA_DISTRO)\Tools\QemuGA">
|
|
<RegistryValue Type="string" Name="ProductID" Value="fb0a0d66-c7fb-4e2e-a16b-c4a3bfe8d13b" />
|
|
<RegistryValue Type="string" Name="Version" Value="$(var.QEMU_GA_VERSION)" />
|
|
</RegistryKey>
|
|
<RegistryKey Root="HKLM"
|
|
Key="System\CurrentControlSet\Services\EventLog\Application\qemu-ga">
|
|
<RegistryValue Type="integer" Name="TypesSupported" Value="7" />
|
|
<RegistryValue Type="string" Name="EventMessageFile" Value="[qemu_ga_directory]qemu-ga.exe" />
|
|
</RegistryKey>
|
|
</Component>
|
|
</Directory>
|
|
</Directory>
|
|
</Directory>
|
|
|
|
<Property Id="rundll" Value="rundll32.exe"/>
|
|
<Property Id="REINSTALLMODE" Value="amus"/>
|
|
|
|
<?ifdef var.InstallVss?>
|
|
<CustomAction Id="RegisterCom"
|
|
ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMRegister'
|
|
Execute="deferred"
|
|
Property="rundll"
|
|
Impersonate="no"
|
|
Return="check"
|
|
>
|
|
</CustomAction>
|
|
<CustomAction Id="UnRegisterCom"
|
|
ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMUnregister'
|
|
Execute="deferred"
|
|
Property="rundll"
|
|
Impersonate="no"
|
|
Return="check"
|
|
>
|
|
</CustomAction>
|
|
<?endif?>
|
|
|
|
<Feature Id="QEMUFeature" Title="QEMU Guest Agent" Level="1">
|
|
<ComponentRef Id="qemu_ga" />
|
|
<?ifdef var.InstallVss?>
|
|
<ComponentRef Id="libstdc++_6_lib" />
|
|
<ComponentRef Id="qga_vss_dll" />
|
|
<ComponentRef Id="qga_vss_tlb" />
|
|
<?endif?>
|
|
<ComponentRef Id="gspawn-helper-console" />
|
|
<ComponentRef Id="gspawn-helper" />
|
|
<ComponentRef Id="iconv" />
|
|
<ComponentRef Id="libgcc_arch_lib" />
|
|
<ComponentRef Id="libglib" />
|
|
<ComponentRef Id="libintl" />
|
|
<ComponentRef Id="libssp" />
|
|
<ComponentRef Id="libwinpthread" />
|
|
<ComponentRef Id="registry_entries" />
|
|
<ComponentRef Id="libpcre" />
|
|
</Feature>
|
|
|
|
<InstallExecuteSequence>
|
|
<?ifdef var.InstallVss?>
|
|
<Custom Action="UnRegisterCom" After="StopServices">Installed</Custom>
|
|
<Custom Action="RegisterCom" After="InstallServices">NOT REMOVE</Custom>
|
|
<?endif?>
|
|
</InstallExecuteSequence>
|
|
</Product>
|
|
</Wix>
|