Installer not continuously signed #8420

@stephannn

Please note that security bugs or issues should be reported to [email protected].

Describe the bug

At work we use Microsoft AppLocker and most apps in the user context are allowed by certificate. The pgadmin4-8.14-x64.exe admin installer is signed, but during the setup a tmp file is triggered which is not signed. Running the pgadmin4-8.14-x64.exe results in these logs:

```
pgadmin4-8.14-x64.exe was allowed to run.
%OSDRIVE%\USERS\MyUser\APPDATA\LOCAL\TEMP\2\IS-5LIUQ.TMP\PGADMIN4-8.14-X64.TMP was prevented from running.
```

A more detailed log can be found in the details tab of the event:

```
+ System
  - Provider
   [ Name]  Microsoft-Windows-AppLocker
   [ Guid]  {cbda4dbf-8d5d-4f69-9578-be14aa540d22}
   EventID 8004
   Version 0
   Level 2
   Task 0
   Opcode 0
   Keywords 0x8000000000000000
  - TimeCreated
   [ SystemTime]  2025-02-03T13:05:41.1525350Z
   EventRecordID 3634
   Correlation
  - Execution
   [ ProcessID]  7688
   [ ThreadID]  8052
   Channel Microsoft-Windows-AppLocker/EXE and DLL
   Computer MyHost.Contoso.com
  - Security
   [ UserID]  S-1-5-21-****
- UserData
  - RuleAndFileData
   PolicyNameLength 3
   PolicyName EXE
   RuleId {00000000-0000-0000-0000-000000000000}
   RuleNameLength 1
   RuleName -
   RuleSddlLength 1
   RuleSddl -
   TargetUser S-1-5-21-****
   TargetProcessId 11972
   FilePathLength 78
   FilePath %OSDRIVE%\USERS\MyUser\APPDATA\LOCAL\TEMP\2\IS-5LIUQ.TMP\PGADMIN4-8.14-X64.TMP
   FileHashLength 32
   FileHash 6EFEC37D80B39E5C3A74CD9A3364AB17C7E49B7C3F84EF8FA17CB421884FC3AD
   FqbnLength 1
   Fqbn -
   TargetLogonId 0xbdf870a
   FullFilePathLength 71
   FullFilePath C:\Users\MyUser\AppData\Local\Temp\2\is-5LIUQ.tmp\pgadmin4-8.14-x64.tmp
```

As you can see, the Fqbn is empty.

To Reproduce

Steps to reproduce the behavior:

  1. Set up AppLocker
  2. Allow the used certificate for pgadmin4-8.14-x64.exe:

     ```
     Get-AppLockerFileInformation .\pgadmin4-8.14-x64.exe | Format-List

     RunspaceId : eba501a5-f09d-4946-8ccb-af34bbc368e3
     Path       : %OSDRIVE%\USERS\MyUser\DOWNLOADS\PGADMIN4-8.14-X64.EXE
     Publisher  : O=ENTERPRISEDB CORPORATION, S=MASSACHUSETTS, C=US\PGADMIN 4\,0.0.0.0
     Hash       : SHA256 0x5AD2561749ADA116D5CE93132800C70EE32E2A9BAA32433CFC66BDF3459B920D
     AppX       : False
     ```

Expected behavior

The installer is continuously signed
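Added example, not part of the original issue or the pgAdmin project: a PowerShell helper for triaging the situation reported above, which turns AppLocker event XML into objects and flags blocked files whose `Fqbn` is `-`, meaning no publisher rule could match them. The function name and the two sample events are assumptions, constructed from the field values shown in the issue with XML namespaces omitted.

```powershell
# Added example (hypothetical helper name). Parses AppLocker EXE/DLL event XML and
# reports whether the file was blocked (8004) and whether it carried publisher data.
function ConvertFrom-AppLockerEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt  = ([xml]$EventXml).Event
        $data = $evt.UserData.RuleAndFileData
        if ($null -eq $data) { return }              # not an AppLocker file event
        $id = $evt.System.EventID
        if ($id -is [System.Xml.XmlElement]) { $id = $id.InnerText }
        [pscustomobject]@{
            EventId  = [int]$id
            Blocked  = ([int]$id -eq 8004)           # 8004 = prevented from running
            Unsigned = ($data.Fqbn -eq '-')          # no publisher info in the event
            Fqbn     = $data.Fqbn
            FilePath = $data.FullFilePath
        }
    }
}

# Constructed sample events mirroring the issue: signed installer allowed (8002),
# extracted temp file blocked (8004) with an empty Fqbn.
$sample = @(
@'
<Event><System><EventID>8002</EventID></System><UserData><RuleAndFileData>
  <PolicyName>EXE</PolicyName>
  <Fqbn>O=ENTERPRISEDB CORPORATION, S=MASSACHUSETTS, C=US\PGADMIN 4\,0.0.0.0</Fqbn>
  <FullFilePath>C:\Users\MyUser\Downloads\pgadmin4-8.14-x64.exe</FullFilePath>
</RuleAndFileData></UserData></Event>
'@,
@'
<Event><System><EventID>8004</EventID></System><UserData><RuleAndFileData>
  <PolicyName>EXE</PolicyName>
  <Fqbn>-</Fqbn>
  <FullFilePath>C:\Users\MyUser\AppData\Local\Temp\2\is-5LIUQ.tmp\pgadmin4-8.14-x64.tmp</FullFilePath>
</RuleAndFileData></UserData></Event>
'@
)

# Lists only the blocked, unsigned file (the .tmp extracted during setup).
$sample | ConvertFrom-AppLockerEventXml |
    Where-Object { $_.Blocked -and $_.Unsigned } | Format-List

# On a live host, feed real events instead of the sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8004 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-AppLockerEventXml | Where-Object Unsigned
```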
