I'm afraid not.
The issue is still under investigation by our dev team. It seems that it is not a trivial fix, so that's why it is taking a bit longer.
Best regards,
Catalin
Suggested Articles
Re: Installer allows a tampered script
Hello Sasha,
I'm afraid not.
The issue is still under investigation by our dev team. It seems that it is not a trivial fix, so that's why it is taking a bit longer.
Best regards,
Catalin
I'm afraid not.
The issue is still under investigation by our dev team. It seems that it is not a trivial fix, so that's why it is taking a bit longer.
Best regards,
Catalin
Re: Installer allows a tampered script
I see that v23.5 has implemented the integrity check now.
Thanks.
Thanks.
Re: Installer allows a tampered script
Hello Sasha,
Indeed, we have added this in version 23.5.
In the meantime, we also released a point release, 23.5.1, so you might want to download that.
Best regards,
Catalin
Indeed, we have added this in version 23.5.
In the meantime, we also released a point release, 23.5.1, so you might want to download that.
Best regards,
Catalin
Re: Installer allows a tampered script
yes, I noticed that.
Re: Installer allows a tampered script
I just gave it a try.
Started the installer, found the .ps1 file extracted into the temp folder. Opened it - it's signed.
Modified the file, including deleting a part of the signature block.
Proceeded with the installation. It went without a hitch.
I suppose the reason for that is that this temp file is sourced via the dot operator in an inline PS custom action.
Not sure this is a flow that AI can support. Perhaps only the direct 'run attached script file' can be verified.
Maybe AI could do it by verifying all PS scripts files it extracted every time it's about to invoke an inline PS script.
Started the installer, found the .ps1 file extracted into the temp folder. Opened it - it's signed.
Modified the file, including deleting a part of the signature block.
Proceeded with the installation. It went without a hitch.
I suppose the reason for that is that this temp file is sourced via the dot operator in an inline PS custom action.
Not sure this is a flow that AI can support. Perhaps only the direct 'run attached script file' can be verified.
Maybe AI could do it by verifying all PS scripts files it extracted every time it's about to invoke an inline PS script.
Re: Installer allows a tampered script
Hello Sasha,
Wanted to let you know that I tested this on my end and managed to reproduce this.
It looks like there was a miscomunication on our side and we only treated the Inline Scripts and the "PowerShell script file --> Attached Scripts option".
I will create a new ticket so the dev team can investigate this specific scenario with PS1 scripts added as temporary files and then launched via "PowerShell Script File" with "Script from disk" option.
In the meantime, you can use the "Attached Script" option instead of "From disk" and that should get rid of the issue here.
Best regards,
Catalin
Wanted to let you know that I tested this on my end and managed to reproduce this.
It looks like there was a miscomunication on our side and we only treated the Inline Scripts and the "PowerShell script file --> Attached Scripts option".
I will create a new ticket so the dev team can investigate this specific scenario with PS1 scripts added as temporary files and then launched via "PowerShell Script File" with "Script from disk" option.
In the meantime, you can use the "Attached Script" option instead of "From disk" and that should get rid of the issue here.
- Screenshot_113.png (4 KiB) Viewed 1135 times
Best regards,
Catalin
Re: Installer allows a tampered script
Thanks, Catalin.
I do use the 'attached script' in some places and 'inline PS script' in other places.
The thing is that the inline PS script sources the temporary file via the dot operator.
I cannot _always_ use the proposed because some processing needs to be done first.
Perhaps one workaround (or the real solution?) I can use is calling the Get-AuthenticodeSignature before invoking the function. I would imagine that's the same thing AI would do before invoking the inline script - but that could be expensive to do for all inline scripts. Perhaps only those that have the parameter that is the path to the script property. But then the inline script can use the Get-Property to obtain that path internally, so AI wouldn't know to check.
I do use the 'attached script' in some places and 'inline PS script' in other places.
The thing is that the inline PS script sources the temporary file via the dot operator.
Code: Select all
$script = $param
. $script
# some PS code before calling a function from the temporary PS script file
callSomeFuncFromScript someParams
Perhaps one workaround (or the real solution?) I can use is calling the Get-AuthenticodeSignature before invoking the function. I would imagine that's the same thing AI would do before invoking the inline script - but that could be expensive to do for all inline scripts. Perhaps only those that have the parameter that is the path to the script property. But then the inline script can use the Get-Property to obtain that path internally, so AI wouldn't know to check.
Re: Installer allows a tampered script
Hello Sasha,
Understandable - we will try to have this fixed for your scenario also.
Best regards,
Catalin
Understandable - we will try to have this fixed for your scenario also.
This could indeed ba a solution - although I am not sure this is what we are using for the check behind. I can ask the developer on how we do the check for the others and let you know.Perhaps one workaround (or the real solution?) I can use is calling the Get-AuthenticodeSignature before invoking the function. I would imagine that's the same thing AI would do before invoking the inline script - but that could be expensive to do for all inline scripts.
Best regards,
Catalin
FOLLOW US