Brummelchen
16th May 2005 20:52 UTC
security flaw in nsis
I spent some time on it because I had the trouble that my
ntldr was deleted last time and had no solution to it.
1st I thought it was a misconfigured MFT (oversized).
But after a time I saw that it only happened at some specific
time - when my script was executed.
So I analysed it and this came out:
If you don't have this
Function .onInit
;expand files
InitPluginsDir
FunctionEnd
but this
Function .onGUIEnd
Delete $pluginsdir\*.*
RMdir $PLUGINSDIR
FunctionEnd
...NSIS deletes all files in the partition root (here c)
I don't think it's not specific at $pluginsdir - logically it
might be at all those vars which aren't declared.
In case of an empty var these routines don't have to be
executed - the result if not may be critical sometimes.
hth
Anders
17th May 2005 01:01 UTC
You don't need to delete the plugins dir
Brummelchen
17th May 2005 04:28 UTC
And why is it again part of "AdvSplash Test" ?
I found that in many scripts... not the now delivered examples
but I'm sure they were...
Aaron's rod
17th May 2005 21:58 UTC
In my experience if you haven't called InitPluginsDir before using $pluginsdir it returns partition root. And on .onGUIEnd the pluginsdir is probably already deleted so it returns partition root.
Some careless unlucky person might end up deleting all files on rootdir because of this.
Brummelchen
26th May 2005 00:00 UTC
I searched all my scripts now and tried it without it - success.
I'm not sure from where I got it, maybe a previous version.
>> Some careless unlucky person might end up deleting all files on rootdir because of this.
I had :( but I found the solution preventing others from that fault
NSIS needs to control unused system variables!
Afrow UK
26th May 2005 20:03 UTC
Well I think a compile-time warning would be nice here.
Edit: No that isn't possible because the compiler can't easily tell if you've used InitPluginsDir before using $PLUGINSDIR. You may use InitPluginsDir in a function further down the script after you're using $PLUGINSDIR.
-Stu
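Added example, not part of the thread and not NSIS project code: a script-wide lint for the pattern discussed above. It flags Delete/RMDir lines that reference $PLUGINSDIR in a script that never calls InitPluginsDir anywhere, which sidesteps the ordering problem raised in the last post at the cost of being a heuristic. The names lint and strip_comment and both sample scripts are constructed for illustration; plug-in calls are not considered.

```python
import re

FUNC = re.compile(r'^\s*Function\s+(\S+)', re.IGNORECASE)
END = re.compile(r'^\s*FunctionEnd\b', re.IGNORECASE)
INIT = re.compile(r'^\s*InitPluginsDir\b', re.IGNORECASE)
DESTRUCTIVE = re.compile(r'^\s*(Delete|RMDir)\b', re.IGNORECASE)
PLUGINSDIR = re.compile(r'\$PLUGINSDIR\b', re.IGNORECASE)

def strip_comment(line):
    """Drop a trailing ';' or '#' comment, ignoring those inside quotes."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in '"\'`':
            quote = ch
        elif ch in ';#':
            return line[:i]
    return line

def lint(script):
    """Return (line_no, function, text) for each risky $PLUGINSDIR deletion."""
    code = [strip_comment(l) for l in script.splitlines()]
    # Script-wide check: one InitPluginsDir anywhere silences the lint,
    # because call order across functions cannot be decided statically.
    if any(INIT.match(l) for l in code):
        return []
    findings, func = [], None
    for no, line in enumerate(code, 1):
        m = FUNC.match(line)
        if m:
            func = m.group(1)
        elif END.match(line):
            func = None
        elif DESTRUCTIVE.match(line) and PLUGINSDIR.search(line):
            findings.append((no, func, line.strip()))
    return findings

# Constructed samples built from the two snippets in the first post.
BAD = r"""Function .onGUIEnd
  Delete $pluginsdir\*.*
  RMdir $PLUGINSDIR
FunctionEnd"""
GOOD = "Function .onInit\n  ;expand files\n  InitPluginsDir\nFunctionEnd\n" + BAD

if __name__ == "__main__":
    for no, func, text in lint(BAD):
        print(f"line {no} in {func}: {text} (no InitPluginsDir in script)")
```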