omeara55
12th November 2008 01:04 UTC

Vista security issue/bug? -- RegDLL
Hey everyone... First off, big thanks to all the NSIS contributors -- it's truly great work and we all thank you for your time and effort!

Hopefully, some NSIS gurus here will be able to figure this one out...

My installer is having issues when non-admin users try to install it. Specifically, RegDLL is failing, presumably because regsvr child process isn't inheriting the admin rights of the installer (host) process. The installer uses 'RequestExecutionLevel admin' and the installer properly prompts to authentication when it starts, so the installer process definitely has admin permissions (also verified by the fact it installs files into Program Files).

Is anyone aware of this issue or perhaps what may be going on? Sorry if I missed something obvious or am doing something dumb.

Thanks in advance,
Andy

Anders
12th November 2008 08:08 UTC

a child process will always inherit its parent rights unless you create a custom and/or restricted token. You could try Process Monitor from sysinternals and see it gives you any clues as to why its failing

{_trueparuex^}
12th November 2008 10:37 UTC

:confused: RegDLL doesn't use regsvr to register. You could try to test why it's failing by calling regsvr by yourself.

E.g. ExecWait 'regsvr32.exe "$INSTDIR\foo.dll"'

This way you get the error message if it fails to register.

PaR

omeara55
13th November 2008 02:14 UTC

Hey guys, thanks for chiming in with your comments. Trueparuex, your suggestion did the trick! Using ExecWait results in proper registration, indicting there may in fact be a bug inside RegDLL. To be clear, the repro case is calling RegDLL under Vista x64, using an installer marked with 'RequestExecutionLevel admin' , logged in as a standard user (ie a non-admin).

I'm willing to write up and file a bug on this at sourceforge if people here agree that this looks like a legit issue. Thoughts? Thanks again for the workaround, trueparuex!

Andy