php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #47517 php-cgi.exe missing UAC manifest
Submitted: 2009-02-27 03:51 UTC Modified: 2011-04-08 20:36 UTC
Votes:4
Avg. Score:4.8 ± 0.4
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:4 (100.0%)
From: louis at steelbytes dot com Assigned:
Status: Closed Package: *General Issues
PHP Version: 5.2.9 OS: Win32
Private report: No CVE-ID: None
 [2009-02-27 03:51 UTC] louis at steelbytes dot com
Description:
------------
php-cgi.exe (and I guess other php .exe's) should have a UAC manifest stating "asInvoker"

Reproduce code:
---------------
n/a

Expected result:
----------------
n/a

Actual result:
--------------
n/a

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-27 06:23 UTC] louis at steelbytes dot com
reason:
so that UAC won't virtualize file read/writes.
 [2009-02-27 09:13 UTC] pajoye@php.net
Why do you need one?

php can be used in any situations and inherits (or is set by) the UAC from the caller (in case of fcgi or another SAPI for example).
 [2009-02-28 06:53 UTC] louis at steelbytes dot com
> Why do you need one?

as originally stated, to avoid Vista's (or 2k8's) virtualisation of the file system.

eg if from a script I attempt to write to c:\ProgramData\MyCompany\MyApp\file.ext and I don't have enough NTFS perms, then vista virtualises this into %USERPROFILE%\AppData\Local\VirtualStore\ProgramData\MyCompany\MyApp\file.ext instead of giving me an access denied error.

> inherits the UAC from the caller

no, but yes, but no.  it the caller is elevated, then yes the spawned task (php) inherits this elevation.  this is not the same thing that I am talking about though.  if an app has this manifest embedded, then no matter what the elevation status or what perms the user has, file and reg operations won't be virtulised.

..

note: this probably has very little relavence when run as cgi/fcgi on a webserver, but when running as a cli for misc scripts on my pc then it matters.

really there is no reason to not have one that I can see.
 [2011-04-08 20:36 UTC] jani@php.net
-Package: Feature/Change Request +Package: *General Issues
 [2016-04-29 17:36 UTC] man dot daxelsberger at web dot de
Hi,

php.exe, php-cgi.exe etc. of PHP 7.0.6 currently have the following manifest:

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
   <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
       <application> 
           <!-- Windows Vista -->
           <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS> 
           <!-- Windows 7 -->
           <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
           <!-- Windows 8 -->
           <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
           <!-- Windows 8.1 -->
           <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
           <!-- Windows 10 -->
           <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
       </application> 
   </compatibility>
</assembly>


As the OP noted, this manifest misses a <requestedExecutionLevel level="asInvoker" uiAccess="false" /> element that a application normally should have.

Without this element, Windows (since Vista) enables file/registry virtualization because it thinks this is an old application that is not aware of the limited permissions that a non-admin user has. Note however that this only applies to 32-bit executables, not to 64-bit ones.

For example, if you rename "php.exe" to "phpsetup.exe", you will get an UAC icon and if you try to run it, the UAC dialog appears to elevate the process. This is because without the entry, Windows has to guess e.g. by the filename if the EXE is a Setup program that needs administrative rights.

Also, if you write a file to "C:\Program Files\myfile.txt" when running php.exe non-elevated, it will succeed, but the file is actually written to "C:\Users\<Username>\AppData\Local\VirtualStore\Program Files\myfile.txt".

When adding the <requestedExecutionLevel>, trying to write a file in that location would correctly fail instead of being redirected (and renaming php.exe to phpsetup.exe would not display an UAC icon).


Ideally, php.exe and php-cgi.exe's manifest should look like this (the <compatibility> is needed for correctly detecting the Windows version with APIs like GetVersionEx() since Windows 8.1):

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
                <requestedExecutionLevel level="asInvoker" uiAccess="false" />
            </requestedPrivileges>
        </security>
    </trustInfo>
    <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> 
        <application> 
            <!-- Windows Vista -->
            <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS> 
            <!-- Windows 7 -->
            <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
            <!-- Windows 8 -->
            <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
            <!-- Windows 8.1 -->
            <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
            <!-- Windows 10 -->
            <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
        </application> 
    </compatibility>
</assembly>

"asInvoker" means that the application doesn't need to be elevated.

Thanks!
 [2016-06-02 21:13 UTC] ab@php.net
Automatic comment on behalf of maxdax15801@users.noreply.github.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7da8f5ea4866026113cc23cbdfe8e3813147ab4
Log: Fix bug #47517 php-cgi.exe missing UAC manifest
 [2016-06-02 21:13 UTC] ab@php.net
-Status: Open +Status: Closed
 [2016-07-20 11:30 UTC] davey@php.net
Automatic comment on behalf of maxdax15801@users.noreply.github.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7da8f5ea4866026113cc23cbdfe8e3813147ab4
Log: Fix bug #47517 php-cgi.exe missing UAC manifest
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 07:01:29 2024 UTC