Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-83453

QStandardPaths::writableLocation is not low-integrity aware

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P3: Somewhat important
    • 5.15.0 Beta4
    • 5.14.0
    • Core: I/O, WebEngine
    • None
    • Windows 10 (x64)
    • Windows
    • 1bee5937bc51af45776c4ad9083f4a67afbaf109 (qt/qtbase/5.15)

    Description

      On Windows, QStandardPaths::writableLocation(QStandardPaths::DataLocation) will return a path that is not writable when being called from a low-integrity process. This causes problems for Qt applications & libraries, including QtWebEngine, that relies on the path being writable.

      The function currently return %USERPROFILE%\AppData\Local, whereas it would probably be better to return %USERPROFILE%\AppData\LocalLow if running in a low integrity process.

      Background

      "Low integrity" processes is a security sandboxing technique to make the filesystem read-only for a Windows application, with a few exceptions. It is typically used to run untrusted code more securely, but can also be used for protecting the integrity of an embedded device. Most of Qt already run fine on low-integrity, but the QStandardPaths::writableLocation implementation is causing problems for applications using QtWebEngine.

      Low integrity doc: https://docs.microsoft.com/en-us/previous-versions/dotnet/articles/bb625960(v=msdn.10)

      Instructions to reproduce issue:

      • Build QtWebEngine "minimal" sample (https://doc.qt.io/qt-5/qtwebengine-webengine-minimal-example.html) in debug mode.
      • Start command prompt with admin permissions and run "icacls minimal.exe /setintegritylevel Low" so that it will run in low integrity.
      • Start minimal.exe with a debugger attached.
      • Observe the following (and many more) errors in the Visual Studio "Output" window:
      WARNING:file_util_win.cc(656)] Failed to create directory C:\Users\<user>\AppData\Local\QtExamples\minimal: Access is denied. (0x5)
Cannot create directory C:\Users\<user>\AppData\Local\QtExamples\minimal\QtWebEngine\Default. Error: FILE_ERROR_ACCESS_DENIED.
ERROR:cache_util_win.cc(21)] Unable to move the cache: The system cannot find the path specified. (0x3)
ERROR:cache_util.cc(141)] Unable to move cache folder C:\Users\<user>\AppData\Local\QtExamples\minimal\QtWebEngine\Default\GPUCache to C:\Users\<user>\AppData\Local\QtExamples\minimal\QtWebEngine\Default\old_GPUCache_000
ERROR:disk_cache.cc(178)] Unable to create cache

      My organization is also experiencing a more severe crash in an application using QtWebEngine that is triggered by the same root cause. However, this crash does not seem to occur in the "minimal" sample.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-83941 Build failure on W7 MSVC2015/MSVC2019

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          For Gerrit Dashboard: QTBUG-83453
          # Subject Branch Project Status CR V
          296893,13 Windows: Make QStandardPaths::writableLocation low-integrity aware 5.15 qt/qtbase Status: MERGED +2 0
          299281,4 qstandardpaths_win.cpp: Fix GetCurrentProcessToken() for Win7 5.15.0 qt/qtbase Status: MERGED +2 0

          Activity

            People

              forderud Fredrik Orderud
              forderud Fredrik Orderud
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes