Hi,
Thank you for your continuous work on this great tool. Unfortunately corporate IT security suspended my use of Total Commander until the vulnerability is addressed.
https://nvd.nist.gov/vuln/detail/CVE-2020-17381
Is it possible to switch the install folder to Program Files, and thus enable the built-in Windows 7 & 10 EXE module protection? Or to provide an MSI installer addressing this corporate security concern (however private users will probably also benefit from better security due to Windows EXE protection)?
Hoping for a fix in 10x version (sorry, can't test until tool is upgraded with the fix and unlocked by IT Security). The lock used at our company is Windows EXE application whitelisting group policy.
Again, much appreciated!
Madcode
Vulnerability CVE-2020-17381 (EXE protection from tampering)
Re: Vulnerability CVE-2020-17381 (EXE protection from tampering)
There's nothing stopping anyone from installing TC into %ProgramFiles%, provided they have administrator privileges to do so, of course. I've been using TC from this directory for more than a decade, and aside from some plugin settings files where NTFS permission should/must be changed to allow users to write to them, it works just fine.
From what I've read so far, TC 10 will change the default installation directory to somewhere under %ProgramFiles%.
Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64
Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
- ghisler(Author)
- Site Admin
Re: Vulnerability CVE-2020-17381 (EXE protection from tampering)
This "vulnerability" is only about the install location: any program installed outside of "Program Files" or "Program Files (x86)" would be affected, but ONLY if there are limited users defined on your system.
The attack would work like this:
1. You install Total Commander to c:\totalcmd
2. A user with limited rights logs in and replaces the exe in c:\totalcmd with his own
3. You run Total Commander, but instead that other app gets started.
This is only a problem with limited users, who cannot modify "Program Files", but can modify "totalcmd". Users who have admin rights can modify "Program Files", so they can replace the exe with their own there.
So what does TC 10 do against it?
1. For new installations, it now defaults to "Program Files"
2. For existing installations, it offers to write protect the target folder, so other users cannot write to it.
If this is a concern for you and you use TC 9.51, just install it to a directory under "Program Files".
Author of Total Commander
https://www.ghisler.com
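The check below is an added example, not part of the original posts or of Total Commander: a PowerShell audit of the install folder from step 1 of the attack description (c:\totalcmd) that lists Allow ACEs granting write-type rights to anyone other than SYSTEM, Administrators and TrustedInstaller. The trusted-SID list and the set of rights treated as "write" are assumptions to adjust to local policy.

```powershell
# Added example: list ACEs on the install folder that let non-admin users write.
# The default path is the one from the post; the trusted-SID list is an assumption.
param([string]$InstallDir = 'C:\totalcmd')

# Principals that could replace files under "Program Files" anyway.
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or adding files, or changing the ACL or owner.
$writeNames = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask  = [int][System.Security.AccessControl.FileSystemRights]$writeNames
# Get-Acl can also return raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$writeMask  = $writeMask -bor 0x40000000 -bor 0x10000000

$findings = foreach ($ace in (Get-Acl -LiteralPath $InstallDir).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (-not ([int]$ace.FileSystemRights -band $writeMask)) { continue }
    try {
        # Compare by SID so localized or renamed group names do not matter.
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $ace.IdentityReference.Value   # unresolvable account: report as-is
    }
    if ($trusted -contains $sid) { continue }
    [pscustomobject]@{
        Identity  = $ace.IdentityReference.Value
        Sid       = $sid
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

if ($findings) {
    Write-Warning "$InstallDir grants write access to non-admin principals:"
    $findings | Format-Table -AutoSize
} else {
    "No write access for non-admin principals found on $InstallDir"
}
```

It inspects only the folder's own ACL and ignores Deny entries and ownership, so files inside with explicit permissions need a separate pass.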