How to hide the value of customactiondata in logs of MSI?

六眼飞鱼酱① 提交于 2021-02-10 17:44:22

问题


I have a deferred custom action which fetches a property using Customactiondata, it contains the value of password that should not be displayed in the log .

Packaging tool used: WIX

Custom action written in C++

I have tried the below workarounds nothing seems to be working.

  1. Marked the property and CA name as hidden

  2. Hidetarget = yes in CA definition

what needs to be done?

Code:

<CustomAction Id="CASETLOGINFORRCSERVICES" Return="check" HideTarget="yes" Execute="deferred" Impersonate="no" TerminalServerAware="no" DllEntry="SetLoginForRCServices" BinaryKey="CA_Dll" />

log:

MSI (s) (7C:CC) [18:35:39:011]: Executing op: CustomActionSchedule(Action=CASETLOGINFORRCSERVICES,ActionType=3073,Source=BinaryData,Target=SetLoginForRCServices,CustomActionData=Deps@@@151232323)
MSI (s) (7C:B0) [18:35:39:038]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSIEB69.tmp, Entrypoint: SetLoginForRCServices

回答1:


MsiHiddenProperties: There is a property you can set to hide property values from being written to the log: MsiHiddenProperties property (there are further links in there to more information on preventing confidential information in your MSI).

Custom Action: Setting the attribute HideTarget="yes" for the custom action will set the above property value for you. However this feature does not seem to hide any value you hard-code in the property table from the log - so if you set an actual value for the property in the property table you need to set the property itself hidden as well (you can set a value programmatically or via the GUI without setting it in the property table). Here are samples:

HideTarget="Yes":

<CustomAction Id="ReadProperyDeferred" HideTarget="yes" ... />

Property Hidden="yes":

<Property Id="MYPROPERTY" Hidden="yes" Secure="yes">Text</Property>

Samples: There is a sample WiX source file here which shows the use of all of this The whole project in zip format here: https://github.com/glytzhkof/all/blob/master/DeferredModeSampleCSharp.zip (just click the "Download" button - a bit confusing I think).

Sensitive Information: Here is an answer on preventing sensitive or unwanted information to make it into your MSI: How do I avoid distributing sensitive information in my MSI by accident?


Code Extract: Prefer to open the above sample. However, here is a "compressed" sequence of WiX constructs needed for deferred mode custom actions retrieving data from a set-property custom action:

<Property Id="MYPROPERTY" Hidden="yes" Secure="yes">Send this text to deferred mode</Property>
<Binary Id="CustomActions" SourceFile="$(var.CustomActionSample.TargetDir)$(var.CustomActionSample.TargetName).CA.dll" />

<CustomAction Id="SetProperty" Return="check" Property="ReadProperyDeferred" Value="[MYPROPERTY]" />
<CustomAction Id="ReadProperyDeferred" HideTarget="yes" BinaryKey="CustomActions" Execute="deferred" DllEntry="TestCustomAction" />

<InstallExecuteSequence>
  <Custom Action='SetProperty' Before='InstallInitialize'></Custom>
  <Custom Action='ReadProperyDeferred' Before='InstallFinalize'></Custom>
</InstallExecuteSequence>

Links:

  • WIX execute custom action with admin privilege
  • Older answer of mine on deferred mode



回答2:


Add HideTarget="Yes" to the custom action.



来源:https://stackoverflow.com/questions/64013013/how-to-hide-the-value-of-customactiondata-in-logs-of-msi

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!