Ticket #397 (closed enhancement: fixed)

Opened 7 months ago

Last modified 4 months ago

Use uiAccess in Windows Vista and beyond

Reported by: jteh Owned by: mdcurran
Priority: major Milestone: 2009.1
Component: Core Version: development
Keywords: Cc:
Operating system: Windows Vista Blocked by:
Blocking:

Description

In Windows Vista and beyond, an AT can set a uiAccess field in its manifest to specify whether it should gain additional privileges to access the UI of other applications. This is needed to access elevated applications; i.e. running as administrator. However, due to the security concerns this raises, the application must be signed with a trusted security certificate. We can't afford a cert signed by a trusted root CA at this stage. However, we have found a way to register a trusted root cert in the installer. NVDA should then use the uiAccess privilege wherever possible.

Change History

Changed 4 months ago by jteh

  • status changed from new to assigned

Change of approach. NV Access has purchased a cert signed by a trusted root CA, so we will sign releases with that. Snapshots will not be signed, as we make no guarantees about snapshots.

A new option, --enable-uiAccess, has been added to setup.py's py2exe command to enable uiAccess for nvda.exe. This should only be used if it will subsequently be signed by a trusted cert. This hasn't yet been merged into main; bzr branch:  http://bzr.nvaccess.org/nvda/uiAccess/

I have updated the build scripts to enable uiAccess and sign the executables.

We need to allow certain messages through the message filter so that Java Access Bridge will work when NVDA is running with uiAccess. Mick is working on this.

Changed 4 months ago by jteh

We needed to make a few other changes to get this working properly. The problem is that Windows won't allow uiAccess apps to run with uiAccess if they aren't in trusted system locations. The shell can start uiAccess applications outside of these locations (but doesn't give them uiAccess privs), but running the process in other ways fails. This means that portable copies cannot have uiAccess and that the installer must use ShellExecute to start NVDA. Also, the service has to set uiAccess in the token in order to start a uiAccess application. Finally, giving uiAccess to the 64 bit nvdaHelperRemoteLoader required using NVDA's own process token with CreateProcessAsUser. All of these changes are in the aforementioned bzr branch and will be merged soon.

TODO: Change the build script to enable uiAccess for installer but not for portable.

Changed 4 months ago by jteh

uiAccess branch merged in r3351.

Changed 4 months ago by jteh

  • status changed from assigned to closed
  • resolution set to fixed

Build script updated and tested. I think this is good to go.

Note: See TracTickets for help on using tickets.