Closed Bug 1796647 Opened 2 years ago Closed 2 years ago

Installer deletes distribution folder with custom settings

Categories

(Toolkit :: Application Update, defect)

Product:
Toolkit
Component:
Application Update
Version:
Firefox 104
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: molitar, Unassigned)

Details

Steps to reproduce:

Just do another install of Firefox with the installer not Firefox updater. I manually update so when I update I manually download and run the installer for the update.

Actual results:

Even though I set these permissions for distribution folder and the policies.json nit still deletes them.

Trusted Installer : read & execute only
Users: read & execute only
System: read & execute only
Administrators: Full Access
Creator Owner: No Access
All Application: Read & Execute
All Restricted Application: Read & Execute

Expected results:

Installer should not have any RIGHTS to delete the distribution folder or policies.json but somehow the installer is over riding security settings! This is dangerous as we have no idea what else could be installed during installation if someone wanted to modify the installer. How is the installer able to ignore security settings that should make it impossible to be deleted?

The Bugbug bot thinks this bug should belong to the 'Toolkit::Application Update' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Application Update
Product: Firefox → Toolkit

I believe that it is expected that the installer deletes the distribution directory.
@mkaply - I think I discussed this behavior with you before. Can you confirm that this is how we want this to work?

(In reply to molitar from comment #0)

Installer should not have any RIGHTS to delete the distribution folder or policies.json but somehow the installer is over riding security settings! This is dangerous as we have no idea what else could be installed during installation if someone wanted to modify the installer. How is the installer able to ignore security settings that should make it impossible to be deleted?

As far as I know, it has never been a Firefox feature that we check these permissions and do something different based on them. Nor is it clear to me that we should do that. If you are unhappy with the way that Windows file permissions are enforced, you would probably need to take that up with Microsoft as we have no control over that. But assuming that you have granted the Firefox installer elevated privileges (by accepting the UAC prompt), it's not even clear to me that it is expected that the installer wouldn't have the privileges to do this.

Flags: needinfo?(mozilla)

This is the expected behavior by default. The installer overwrites the distribution directory.

If you don't want that to happen, we have a command line parameter that prevents that:

/RemoveDistributionDir={true,false}

On Windows in general, I would recommend you do customization via registry or GPO if you want to make sure users can't delete the policy.

Flags: needinfo?(mozilla)

I'm going to go ahead and say that preventing the distribution directory from being deleted that way isn't supported so I'm going to mark this bug as resolved. If /RemoveDistributionDir doesn't work as expected, please file a new bug.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID

How about making it an option do you want to new install or update.. update don't delete the directory.

If you update using the Firefox update mechanism, it will not delete the distribution directory.

Downloading Firefox and overwriting an install like that is not a common usecase.

You need to log in before you can comment on or make changes to this bug.