aboutsummaryrefslogtreecommitdiff
path: root/qga
diff options
context:
space:
mode:
authorKonstantin Kostiuk <kkostiuk@redhat.com>2023-03-03 21:20:07 +0200
committerKonstantin Kostiuk <kkostiuk@redhat.com>2023-03-08 18:23:40 +0200
commit88288c2a51faa7c795f053fc8b31b1c16ff804c5 (patch)
tree7c24a7e706bf3710716e8b4c549713ddd93b084a /qga
parent9832009d9dd2386664c15cc70f6e6bfe062be8bd (diff)
downloadqemu-88288c2a51faa7c795f053fc8b31b1c16ff804c5.zip
qemu-88288c2a51faa7c795f053fc8b31b1c16ff804c5.tar.gz
qemu-88288c2a51faa7c795f053fc8b31b1c16ff804c5.tar.bz2
qga/win32: Remove change action from MSI installer
Remove the 'change' button from "Programs and Features" because it does not checks if a user is an admin or not. The installer has no components to choose from and always installs everything. So the 'change' button is not obviously needed but can create a security issue. resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423 fixes: CVE-2023-0664 (part 1 of 2) Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Reported-by: Brian Wiltse <brian.wiltse@live.com>
Diffstat (limited to 'qga')
-rw-r--r--qga/installer/qemu-ga.wxs1
1 files changed, 1 insertions, 0 deletions
diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
index 51340f7..feb629e 100644
--- a/qga/installer/qemu-ga.wxs
+++ b/qga/installer/qemu-ga.wxs
@@ -31,6 +31,7 @@
/>
<Media Id="1" Cabinet="qemu_ga.$(var.QEMU_GA_VERSION).cab" EmbedCab="yes" />
<Property Id="WHSLogo">1</Property>
+ <Property Id="ARPNOMODIFY" Value="yes" Secure="yes" />
<MajorUpgrade
DowngradeErrorMessage="Error: A newer version of QEMU guest agent is already installed."
/>