Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Path assumptions #21

Open
jimbobmcgee opened this issue Jun 30, 2017 · 0 comments
Open

Path assumptions #21

jimbobmcgee opened this issue Jun 30, 2017 · 0 comments

Comments

@jimbobmcgee
Copy link

jimbobmcgee commented Jun 30, 2017
edited
Loading

There are some assumptions made with regards either to installation paths, or to applications being on the PATH variable...

  1. /lib/winrm/shells/elevated.rb, line 71

    • For instance, I have an old server instance that has been through the OS upgrade + virtualisation mill, so is actually limping along with a Windows path of E:\WINNT...
    • perhaps replace c:/windows with path determined by remote system, e.g. ask the Powershell shell for the Windows path before uploading the script:

      • Sticking with WINDIR\Temp:

        $uploaddir = [IO.Path]::Combine(($env:SYSTEMROOT, $env:WINDIR, 'c:\windows' -ne $null)[0], 'temp')

        (i.e. falling back to c:\windows if neither variable is set)

      • alternatively, use the common (all users) AppData folder in case of a write-permissons failure to C:\Windows (i.e if using an non-admin account)

        $uploaddir = ([Environment]::GetFolderPath('CommonApplicationData'), 'c:\windows\temp' -ne $null)[0]

  2. /lib/winrm-elevated/scripts/elevated_shell.ps1, line 54

    • If the PATH variable is trimmed, the literal string cmd will not work (or may allow someone to place another exe called 'cmd.com' in the way, which will be run instead);
    • You can reasonably ask Powershell where cmd.exe is using $env:COMSPEC or [IO.Path]::Combine([Environment]::SystemDirectory, 'cmd.exe')

  3. /lib/winrm-elevated/scripts/elevated_shell.ps1, line 61

    • Similarly, if not on the PATH, the literal string powershell.exe may not work as intended

    • Again, you can ask Powershell where powershell.exe, e.g. "$PSHOME\powershell.exe"

    • If any of the paths folded into your $arguments end up with spaces or special characters in them, you will need to double-quote the path, but you should not double-quote if they don't need it — you are, of course, fighting both Scheduled Tasks's quoting requirements, cmd.exe's quoting requirements and Powershell's quoting requirements all at once...

      $psexe = if ($PSHOME -match '\s') { "`"$PSHOME\powershell.exe`"" } else { "$PSHOME\powershell.exe" }

PS: if you are building up XML in Powershell, using user-supplied parameters, you might want to escape them first. Easiest way I can think of is passing through XText, e.g.

Add-Type -AssemblyName System.Xml.Linq
$arguments = "/c $psexe ... 2>&1"
$arguments = (New-Object Xml.Linq.XText($arguments)).ToString()
#> outputs: /c E:\WINNT\system32\WindowsPowerShell\v1.0\powershell.exe ... 2>&1

# or...
$task_xml = $task_xml.Replace("{username}", (New-Object Xml.Linq.XText($username)).ToString())
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jimbobmcgee