winrar (and other extractors)

Started by shmu26, August 30, 2016, 07:46:50 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

shmu26

August 30, 2016, 07:46:50 PM Last Edit: August 30, 2016, 07:51:27 PM by shmu26
I use winrar to extract compressed files
I would like to be able to use it in various user areas, also isolated ones.
I was not able to install it with deployer, it will install only as a regular program in regular user space.

But I found a workaround: if I copy a shortcut of it to a ReHIPS user folder, that way I can get permission to extract a file in that isolated location.
However,  winrar itself does not run isolated.

My question is about the security risk involved with this, since extractors are potentially exploitable.
by default, winrar is blocked from executing programs.
and I unticked "ignore file modifications".

Is this good? Is there a better way to handle things?

EDIT: I am still on standard version, not a newer beta

aDVll

#1
August 30, 2016, 07:53:35 PM
Winrar doesn't run isolated because the default rules have it run normally. If you wish you can make it run isolated by creating appropriate rules and permissions.
I use default settings because i don't believe winrar needs isolation . It only runs at medium integrity and can't launch anything.

Bottom line if you want to run isolated find the winrar rules and change them to run isolated. Remember you will need to give it permission to the locations you extract stuff.

shmu26

#2
August 30, 2016, 07:57:48 PM
okay, so let's say you download a compressed file. How to you unpack it? Do you move it to a regular user space?

aDVll

#3
August 30, 2016, 07:59:35 PM
Quote from: shmu26 on August 30, 2016, 07:57:48 PM
okay, so let's say you download a compressed file. How to you unpack it? Do you move it to a regular user space?
Me personally or you mean if you run winrar isolated?

shmu26

#4
August 30, 2016, 08:01:44 PM
you personally.
for some reason, the workaround I suggest is not working anymore, and I have it installed regular, like you.

aDVll

#5
August 30, 2016, 08:05:20 PM
Quote from: shmu26 on August 30, 2016, 08:01:44 PM
you personally.
for some reason, the workaround I suggest is not working anymore, and I have it installed regular, like you.
Considering i have winrar at default settings from rehips it means i can operate it normally as i would before i install rehips.
I think i might know what you mean but let's be clear. Your download location where the rar are located it's in rehips user folders and winrar doesn't have access to it?
C:\Users\ReHIPSUser*

shmu26

#6
August 30, 2016, 08:06:45 PM
right.
sorry for lack of clarity in question

aDVll

#7
August 30, 2016, 08:10:43 PM
Quote from: shmu26 on August 30, 2016, 08:06:45 PM
right.
sorry for lack of clarity in question
Yeah that is a known quirk that it's already fixed for release version. Basically the rehips user folders don't give access to normal user accounts. To avoid the hassle of copying pasting the rar file you can do one of the 2 options:
1. Change download location of files to be in C:\ReHIPS\Browser
2. Find the isolated user profile of the application that downloads the rar files and change the folder permissions to allow admin to read and write.

shmu26

#8
August 30, 2016, 08:21:06 PM
thanks
"rehips browser" folder has more permissions than "rehipsuser" folder?

aDVll

#9
August 30, 2016, 08:26:10 PM
Quote from: shmu26 on August 30, 2016, 08:21:06 PM
thanks
"rehips browser" folder has more permissions than "rehipsuser" folder?
It will be corrected in release version. Rehips user folders will give access to real user to read and write.

fixer

#10
August 30, 2016, 08:58:09 PM
Quote from: shmu26 on August 30, 2016, 07:46:50 PM
I was not able to install it with deployer.
What was wrong? Should work OK.

Quote from: shmu26 on August 30, 2016, 07:46:50 PM
But I found a workaround: if I copy a shortcut of it to a ReHIPS user folder, that way I can get permission to extract a file in that isolated location.
However,  winrar itself does not run isolated.
You can use RulesManager in the latest build and change it to Allow in isolation, it should have its own subfolder in ReHIPS folder (Archives, if I remember correctly) will all the needed permissions.

Quote from: shmu26 on August 30, 2016, 07:46:50 PM
and I unticked "ignore file modifications".
If it was installed in Program Files, then this location is secure and requires admin privileges to change files in it, so it's quite secure to leave this tick on.

shmu26

#11
August 30, 2016, 09:19:12 PM
Quote from: fixer on August 30, 2016, 08:58:09 PM
Quote from: shmu26 on August 30, 2016, 07:46:50 PM
I was not able to install it with deployer.
What was wrong? Should work OK.


I am switching now to new build, but with the standard build, I got error "Failed.. "

aDVll

#12
August 30, 2016, 09:22:11 PM
Quote from: fixer on August 30, 2016, 08:58:09 PM
Quote from: shmu26 on August 30, 2016, 07:46:50 PM
I was not able to install it with deployer.
What was wrong? Should work OK.
It's probably that thing that rehips doesn't have permission to the folder it needs to copy the installer. You fixed that but maybe the fix it's not in his version.

@shmu26
What version do you use. RC2 or ealier?

shmu26

#13
August 30, 2016, 09:24:24 PM
I used RC2
Print
Go Up Pages1
User actions