search

Squirrel / Squirrel.Mac

:shipit: Cocoa framework for updating OS X apps :shipit:
MIT License
1.59k stars 128 forks source link

Fix installing updates which need escalated privileges #207

Closed joshaber closed 7 years ago

joshaber commented 7 years ago

⚠️ Dependent on https://github.com/Squirrel/Squirrel.Mac/pull/206 ⚠️

Fixes #157 Fixes #131

There were two problems:

  1. We checked if we could write to the app bundle itself and escalated, but we didn't check if we could write to its parent directory to replace the bundle.
  2. If we escalated, our user-scoped paths wouldn't be valid since ShipIt would run as root.

I still need to find a way to test this, even if just by hand, to verify the above issues really are fixed.

joshaber commented 7 years ago

I've manually tested the following scenarios:

  1. User-owned app bundle and parent directory. Succeeds 👍
  2. Root-owned app bundle and user-owned parent directory. Escalates and succeeds 👍
  3. Root-owner parent directory. Escalates and succeeds 👍
hhff commented 7 years ago

Hi @joshaber - a big big thankyou for tackling this! Really great stuff 👍

devtobo commented 7 years ago

Is it fixed in Electron (not sure if they or I need to do something to have this fix for my users)?

joshaber commented 7 years ago

No, Electron hasn't yet released an update which includes this fix.

Roverclover commented 3 years ago

Y