HUGE BUG in zip and UAC: copy a file from a zip.

When you copy a file from a zip (integrated zip function) to any folder in
c:\program files\ in order to replace a file, the copy fails and the target
folder will be empty! You lose the files!

reproduction steps:
1. suppose in c:\program files\app1\ you have these 3 files:
file1.exe, file2.dll, file2.txt
2. suppose in your Documents folder you have a zip contains file1.exe,
file2.dll, file2.txt
3. explorer the zip and copy the 3 files to c:\program files\app1\
4. give the UAC consent
.... but the copy will fail and the whole app1 folder will be empty. COPY IS
FAILED AND YOU LOSE OLD FILES.

Hi Bill,

No bug it is, as a standard or admin user account will not have sufficient
privileges to overwrite files in the C:\Program Files directory unless the
commands are run from an elevated prompt. It's not UAC but rather
permissions that are involved here. Keep in mind that programs in Vista are
run from the user's appdata folder, not the program files directory. This is
by design to keep malware from extending throughout the system even if one
user chooses to run it.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org
My thoughts http://rick-mvp.blogspot.com

"BillD" <> wrote in message
news:CB3D9326-4817-4B55-86B9-...
> When you copy a file from a zip (integrated zip function) to any folder in
> c:\program files\ in order to replace a file, the copy fails and the
> target
> folder will be empty! You lose the files!
>
> reproduction steps:
> 1. suppose in c:\program files\app1\ you have these 3 files:
> file1.exe, file2.dll, file2.txt
> 2. suppose in your Documents folder you have a zip contains file1.exe,
> file2.dll, file2.txt
> 3. explorer the zip and copy the 3 files to c:\program files\app1\
> 4. give the UAC consent
> ... but the copy will fail and the whole app1 folder will be empty. COPY
> IS
> FAILED AND YOU LOSE OLD FILES.
>

Rick Rogers wrote:
> Hi Bill,
>
> No bug it is, as a standard or admin user account will not have
> sufficient privileges to overwrite files in the C:\Program Files
> directory unless the commands are run from an elevated prompt. It's not
> UAC but rather permissions that are involved here. Keep in mind that
> programs in Vista are run from the user's appdata folder, not the
> program files directory. This is by design to keep malware from
> extending throughout the system even if one user chooses to run it.
>


So does it sound sensible that this deletes files?

You really don't need to bother downloading hardware if the OS does the
deleting for you...

Would it not make more sense to fail with an error message to say
insufficient privileges - can't perform the requested operation?

On Thu, 06 Sep 2007 06:39:02 -0500, Charlie Tame wrote:

> Rick Rogers wrote:
>> Hi Bill,
>>
>> No bug it is, as a standard or admin user account will not have
>> sufficient privileges to overwrite files in the C:\Program Files
>> directory unless the commands are run from an elevated prompt. It's not
>> UAC but rather permissions that are involved here. Keep in mind that
>> programs in Vista are run from the user's appdata folder, not the
>> program files directory. This is by design to keep malware from
>> extending throughout the system even if one user chooses to run it.
>>
>
>
> So does it sound sensible that this deletes files?
>
> You really don't need to bother downloading hardware if the OS does the
> deleting for you...

Got an address for me where I can download some more 8800 GTXs?
Or how about a DVD-RAM drive that can take cartridges. I am DYING for a
couple of those...

--
Stephan
2003 Yamaha R6

������出�日�ん�����
����忘れ�������ら

I tried what was described: I created three file and copied them to the app1
directory under program files. I created a zip file on my desktop and copied
the three file to the app1 dir. logged in as admin. they copied as they
should have. the only time I need to elevate a process was when coping the
first set of files to the Program files/app1 dir. UAC told me I did not have
permission to do this.

--

Bob Eyster
MS Windows Vista Home Premium



"Rick Rogers" <> wrote in message
news:%23$...
> Hi Bill,
>
> No bug it is, as a standard or admin user account will not have sufficient
> privileges to overwrite files in the C:\Program Files directory unless the
> commands are run from an elevated prompt. It's not UAC but rather
> permissions that are involved here. Keep in mind that programs in Vista
> are run from the user's appdata folder, not the program files directory.
> This is by design to keep malware from extending throughout the system
> even if one user chooses to run it.
>
> --
> Best of Luck,
>
> Rick Rogers, aka "Nutcase" - Microsoft MVP
> http://mvp.support.microsoft.com/
> Windows help - www.rickrogers.org
> My thoughts http://rick-mvp.blogspot.com
>
> "BillD" <> wrote in message
> news:CB3D9326-4817-4B55-86B9-...
>> When you copy a file from a zip (integrated zip function) to any folder
>> in
>> c:\program files\ in order to replace a file, the copy fails and the
>> target
>> folder will be empty! You lose the files!
>>
>> reproduction steps:
>> 1. suppose in c:\program files\app1\ you have these 3 files:
>> file1.exe, file2.dll, file2.txt
>> 2. suppose in your Documents folder you have a zip contains file1.exe,
>> file2.dll, file2.txt
>> 3. explorer the zip and copy the 3 files to c:\program files\app1\
>> 4. give the UAC consent
>> ... but the copy will fail and the whole app1 folder will be empty. COPY
>> IS
>> FAILED AND YOU LOSE OLD FILES.
>>
>

"Rick Rogers" wrote:

> No bug it is, as a standard or admin user account will not have sufficient
> privileges to overwrite files in the C:\Program Files directory unless the
> commands are run from an elevated prompt. I

YOU WRONG!!! Because if I copy a file to c:\program files\ I'll get an UAC
prompt and it's copied with success!!! This fails only when I copy a file
from the zip archive in explorer'shell and old files are also deleted!!!

"Rick Rogers" wrote:

> No bug it is, as a standard or admin user account will not have sufficient
> privileges to overwrite files in the C:\Program Files directory unless the
> commands are run from an elevated prompt. I

YOU WRONG!!! Because if I copy a file to c:\program files\ I'll get an UAC
prompt and it's copied with success!!! This fails only when I copy a file
from the zip archive in explorer's shell and old files are also deleted!!!

"BillD" <> wrote ...
> When you copy a file from a zip (integrated zip function) to any folder in
> c:\program files\ in order to replace a file, the copy fails and the
> target
> folder will be empty! You lose the files!
>
> reproduction steps:
> 1. suppose in c:\program files\app1\ you have these 3 files:
> file1.exe, file2.dll, file2.txt
> 2. suppose in your Documents folder you have a zip contains file1.exe,
> file2.dll, file2.txt
> 3. explorer the zip and copy the 3 files to c:\program files\app1\
> 4. give the UAC consent
> ... but the copy will fail and the whole app1 folder will be empty. COPY
> IS
> FAILED AND YOU LOSE OLD FILES.

Not repro.

When I tried these steps on my machine, I got a UAC prompt, then the files
were copied from the ZIP file to the C:\Program Files\apps1 directory, as
expected. I was logged in as a Standard User.

You're undoubtedly seeing a real issue on your machine - but it doesn't seem
to be the universal experience for all users. You might need to delineate
the specific conditions required to reproduce the problem: for example, the
user context in which the files where copied; the specific permissions which
had been applied to the original files; etc. You can use the "icacls"
command to get a precise listing of the file permissions in the
app1\directory, before and after you attempt to copy the ZIP files into it;
eg:

C:\Program Files>icacls .\app1 > C:\TEMP\app1acl.txt

C:\Program Files>icacls .\app1\* >> C:\TEMP\app1acl.txt

You could also use a tool like Process Monitor
(http://www.microsoft.com/technet/sys...ssmonitor.mspx)
to see exactly why the original ZIP files are being deleted.

If you have a consistent repro scenario which can be repro'ed on a random
machine, then ... yeah, it should be reported to Microsoft. Data loss is
always serious, and should be taken seriously. Although it is also true
that the Program Files direcory is "special" on Vista, it has a very
specific set of permissions which prevent random manipulation of files. This
is "by design" and is a security measure to prevent hijacks or other abuses
(what if the zipp'ed file1.exe was a virus?). Applications which need to
update files under the Program Files directory should do so, by calling on
the Windows Installer Services, instead of doing direct file I/O. (Mind you,
I use at least one app, a fine product, which nevertheless distributes
updates as ZIP'ed files to be copied into the program directory. Bugger I've
written to that vendor, suggesting they use a more secure and Vista-friendly
update mechanism).

Regards,
--
Andrew McLaren
amclar (at) optusnet dot com dot au

Stephan Rose wrote:
> On Thu, 06 Sep 2007 06:39:02 -0500, Charlie Tame wrote:
>
>> Rick Rogers wrote:
>>> Hi Bill,
>>>
>>> No bug it is, as a standard or admin user account will not have
>>> sufficient privileges to overwrite files in the C:\Program Files
>>> directory unless the commands are run from an elevated prompt. It's not
>>> UAC but rather permissions that are involved here. Keep in mind that
>>> programs in Vista are run from the user's appdata folder, not the
>>> program files directory. This is by design to keep malware from
>>> extending throughout the system even if one user chooses to run it.
>>>
>>
>> So does it sound sensible that this deletes files?
>>
>> You really don't need to bother downloading hardware if the OS does the
>> deleting for you...
>
> Got an address for me where I can download some more 8800 GTXs?
> Or how about a DVD-RAM drive that can take cartridges. I am DYING for a
> couple of those...
>


Yeah I meant Malware of course, I have plenty free if you're still
interested

"Andrew McLaren" wrote:
> Although it is also true
> that the Program Files direcory is "special" on Vista, it has a very
> specific set of permissions which prevent random manipulation of files. This
> is "by design" and is a security measure to prevent hijacks or other abuses
> (what if the zipp'ed file1.exe was a virus?).

you didn't understand me!!!!
if I copy a file to c:\program files\app1\ I get an UAC prompt, I give the
consent and then it's copied with success!
instead, if I copy a file from a zip archive to c:\program files\app1\ it
fails!!!
And the files in folder \app1 are deleted!!!
There are 2 bugs: wrong elevation with zip + files deleted in \app1

try these steps: Standard user + UAC on
1. create a new folder in c:\program files\sysinternals\processexplorer
(give UAC consent in order to create it in that protected location)
2. with IE7, download this file
http://download.sysinternals.com/Fil...ssExplorer.zip to your Downloads
folder (or Documents folder)
3. extract the zip, select the files and copy them to c:\program
files\sysinternals\processexplorer, give UAC consent, and the files are
copied with success.
4. now, don't extract the zip, but enter into zip using the built-in zip
vista's feature, select the files and copy them to c:\program
files\sysinternals\processexplorer, accept to replace the files, give UAC
consent
..... and the copy will fail: denied access
..... and the c:\program files\sysinternals\processexplorer folder is void
---> old files have been deleted!