add RedirectionGuard=no to windows-installer.iss#9863
Conversation
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
![oz-for-oss[bot]](https://avatars.githubusercontent.com/in/3450139?s=60&v=4){kind=small}
There was a problem hiding this comment.
Overview
This PR disables Inno Setup RedirectionGuard for the Windows installer.
Concerns
- The stated fix depends on RedirectionGuard affecting Warp and its child processes, but Inno Setup documents this directive as applying only to Setup/Uninstall and not being inherited by child processes or the installed application. Disabling it therefore weakens installer/uninstaller protection without addressing the runtime symlink traversal issue described in the PR.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
There was a problem hiding this comment.
Overview
This PR disables Inno Setup's RedirectionGuard mitigation for the Windows setup/uninstall process.
Concerns
- Disabling RedirectionGuard removes a Windows junction/symlink traversal mitigation from an installer that can run elevated, while the documented directive scope is the setup/uninstall process rather than the installed Warp app runtime.
Security
- The installer allows administrative install mode, so disabling RedirectionGuard can re-open privileged path-redirection attack surface during install or uninstall.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
| created by non-admin users will fail with error 448." | ||
| ); | ||
| } | ||
| } |
There was a problem hiding this comment.
This is not the fix. This just detects this error case and logs a warning. This will be helpful if this regresses.
| SetupMutex={#AppMutexName}Setup | ||
| ; Version 1809 / Build 18362 is required for ConPTY. See https://github.com/microsoft/vscode-docs/blob/9d736b662fdde3fed17d8bc2ed70bfea4ae20636/docs/supporting/troubleshoot-terminal-launch.md?plain=1#L66/ | ||
| MinVersion=10.0.18362 | ||
| ; Tell Windows Explorer to reload the environment so that path changes take effect. | ||
| ChangesEnvironment=true | ||
| RedirectionGuard=no |
There was a problem hiding this comment.
Here is the actual fix.
Cherry-picked from upstream: - fix: highlight C++ header extensions (warpdotdev#9388) - Run executable shell scripts in the terminal (warpdotdev#9503) - Revert schema generator binary recompilation fix (warpdotdev#9676) - Remove stray backticks from Windows installer README (warpdotdev#9691) - Fix chord shortcuts on Windows non-Latin keyboard layouts (warpdotdev#9476) - Scroll output with Page Up/Down from prompt (warpdotdev#9624) - Respect Markdown Viewer setting for .md links in AI rules/facts panel (warpdotdev#9699) - fix: disable reset grid checks for restored blocks on Windows (warpdotdev#9987) - add RedirectionGuard=no to windows-installer.iss (warpdotdev#9863) - Windows quake mode window correctly sized (warpdotdev#9891) - fix: update rand to 0.9.4 (GHSA-cq8v-f236-94qc) (warpdotdev#10060) - Fix diff button when Show code review button toggle is off (warpdotdev#9600) - Fix freshly cloned repo stuck in loading state (warpdotdev#9998) - Fix terminal text selection not auto-scrolling when dragging (warpdotdev#9448) - Resolve conflict markers from 3f0ac51 and edac651
2 participants
Description
This fixes #9044
As a bonus, we are also getting auto-update failures for our community package in scoop extras and this should fix that #9796
See: https://jrsoftware.org/ishelp/index.php?topic=setup_redirectionguard
Symlink traversal was being blocked by Warp and all child processes. This caused all kinds of failures:
~/.gitconfigis a symlinkTesting
You can test this by building the installer, running the installer, and installing it with the "Run Warp" option checked at the end of the installer.
Changelog Entries for Stable
CHANGELOG-BUG-FIX: [Windows] Symlink traversal fixed.