[wix-devs] Issue 5371
Ron Martin
cpuwzd at comcast.net
Thu Apr 28 11:04:55 PDT 2022
I'd like to discuss Issue 5371. I worked on this issue nearly a year
ago, but it was never merged. I've recently brought it up to date so
that it is once again mergeable.
There are, however, still a couple of open issues:
1) I need to create a simple test that demonstrates that the msi is
created or modified with the proper user name, password, and comment
without executing the msi. This can always be run as part of the Wix
installation.
2) An optional test can perform more aggressive testing. I don't like my
current design, which creates a desktop shortcut when it is run. I'd
like to have a more Wix-centric location in which to place an msi file
that creates or modifies the test user account when installed and
removes it when uninstalled.
3) Where should the optional test be installed and how should it be
accessed?
4) Where should the msi generated by this msi be placed?
5) Should this msi be installed and uninstalled manually, with the user
verifying the the user account creation, modification, and deletion, or
should all of this be automated?
6) If manual, should prompting be supplied? By whom? When?
7) If automated, how should elevation be handled?
8) Should extra steps be taken to minimize the increase in Wix's attack
surface created by this test.
9) The thought that Wix can be used to create privileged accounts
through a silent install or as a trojan horse gives me nightmares.
Ron
More information about the wix-devs
mailing list