Issue 5719: SetInternetZoneIdentifier does not respect the SaveZoneInformation policy
21 people starred this issue and may be notified of changes.
Status:  Fixed
Owner:  joaodasilva@chromium.org
Closed:  Apr 2011
Cc:  abarth@chromium.org, danno@chromium.org

Restricted
  • Only users with Commit permission may comment.


Reported by c...@vv.carleton.ca, Dec 19, 2008
Chrome Version       : 1.0.154.36
URLs (if applicable) : N/A
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 3:
Firefox 3:
         IE 7: OK

What steps will reproduce the problem?
1. Open Internet Explorer, browse to
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html, right-click
on putty.exe and save it to the Desktop.
2. Open the Properties of putty.exe. Note that there is a security warning 
about the source of the file and there is an "Unblock" button.
3. Open Google Chrome, browse to the same page, and save the same file 
again.
4. Open the Properties of putty.exe. Note that there is the same warning 
and Unblock button.
5. Open the Group Policy editor (gpedit.msc), browse to User Configuration 
| Administrative Templates | Windows Components | Attachment Manager.
6. Enable the "Do not preserve zone information in file attachments"
policy. Note that this has the effect of setting the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation
key to a DWORD value of 1 (which means *don't* save zone information).
7. Open Internet Explorer, browse to the same page, and save the same file 
again.
8. Open the Properties of putty.exe. Note that there is no warning and no 
Unblock button.
9. Open Google Chrome, browse to the same page, and save the same file 
again.
10. Open the Properties of putty.exe. Note that the warning is still 
present, as is the Unblock button.

What is the expected result?
The downloaded file should not be marked unsafe.

What happens instead?
The downloaded file is marked unsafe. The SaveZoneInformation policy is 
ignored by Google Chrome.


Please provide any additional information below. Attach a screenshot if 
possible.
Google Chrome uses SetInternetZoneIdentifier (bottom of
http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/win_safe_util.cc)
to attach the zone information to the downloaded file. It should instead use
IAttachmentExecute::Save (http://msdn.microsoft.com/en-us/library/bb776299(VS.85).aspx).

For more information about the SaveZoneInformation key, see 
http://support.microsoft.com/kb/883260.

Note that reading the SaveZoneInformation key directly is most likely _not_ 
a good solution in the long term, since it is Microsoft's implementation 
detail and may change without notice, particularly in, for example, Windows 
7.


security-warning-zone.PNG
13.7 KB   View   Download
Dec 19, 2008
#1 abarth@chromium.org
Thanks for your detailed report.  You seem to have a clear idea how we should fix 
this issue.  Would you be willing to provide a patch?  Thanks!
Status: Untriaged
Owner: aba...@chromium.org
Cc: aba...@chromium.org
Labels: -Area-Misc Area-BrowserBackend
Dec 20, 2008
#2 cronos...@gmail.com
Sorry, I didn't mean to sound like a jerk. I was hoping that someone who had already 
set up the development environment could write one to avoid my spending the time 
setting it up for a 5-line patch. At the very least, I wanted the issue to be in the 
tracker.
Dec 20, 2008
#3 abarth@chromium.org
Ok.  I'll take a look at it.  I thought you might enjoy writing the patch yourself.  
:)
Jan 14, 2009
#4 mal.chromium@gmail.com
(No comment was entered for this change.)
Labels: -Type-Bug -Pri-2 Type-Feature Pri-3 Mstone-X
Jan 21, 2009
#5 mal.chromium@gmail.com
(No comment was entered for this change.)
Status: Assigned
Apr 25, 2009
#6 j...@chromium.org
(No comment was entered for this change.)
Labels: os-win7
Apr 25, 2009
#7 j...@chromium.org
(No comment was entered for this change.)
Labels: -os-win7 OS-Windows
Dec 16, 2009
#8 mats.tor...@gmail.com
Not sure if this is related enough to be in the same issue, but if you try to run the 
blocked exe file directly from the chrome download bar or download page, it will just 
pause for a few seconds and then do nothing without any notification or warning. 
Expected behaviour would be to receive the same message that you get when you attempt 
to run the file directly from the file system ("Windows cannot access the specified 
device, path, or file. You may not have the appropriate permissions to access the 
item.")
Dec 16, 2009
#9 cronos...@gmail.com
I have been seeing the few seconds pause, then the Security Warning showing me the code 
signer. When I run them directly I get the same warning, but much quicker. I don't 
think I've ever gotten "Windows cannot access the specified device, path, or file".
My best guess so far has been that the pause is related to code signing verification, 
but I have no evidence to back that.
Dec 17, 2009
#10 or...@chromium.org
Labels Update:

Replace Area-BrowserBackend by Area-Internals
Labels: -Area-BrowserBackend Area-Internals
Jan 27, 2010
#11 mailwang...@gmail.com
I have been trapped by this problem for a long time.
So I modified win_safe_util.cc as follows:

bool SetInternetZoneIdentifierDirect(const FilePath& full_path) {
  const DWORD kShare = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE;
  std::wstring path = full_path.value() + L":Zone.Identifier";
  HANDLE file = CreateFile(path.c_str(), GENERIC_WRITE, kShare, NULL,
                           OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
  if (INVALID_HANDLE_VALUE == file)
    return false;

  const char kIdentifier[] = "[ZoneTransfer]\nZoneId=3";
  DWORD written = 0;
  BOOL result = WriteFile(file, kIdentifier, arraysize(kIdentifier), &written,
                          NULL);
  BOOL flush_result = FlushFileBuffers(file);
  CloseHandle(file);

  if (!result || !flush_result || written != arraysize(kIdentifier)) {
    NOTREACHED();
    return false;
  }

  return true;
}

bool SetInternetZoneIdentifier(const FilePath& full_path) {
	ScopedComPtr<IAttachmentExecute> attachment_services;
	HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices);
	if (FAILED(hr)) {
		// We don't have Attachment Execution Services, it must be a pre-XP.SP2
		// Windows installation, or the thread does not have COM initialized.
		return SetInternetZoneIdentifierDirect(full_path);
	}

	// This GUID is associated with any 'don't ask me again' settings that the
	// user can select for different file types.
	// {2676A9A2-D919-4fee-9187-152100393AB2}
	static const GUID kClientID = { 0x2676a9a2, 0xd919, 0x4fee,
	{ 0x91, 0x87, 0x15, 0x21, 0x0, 0x39, 0x3a, 0xb2 } };

	attachment_services->SetClientGuid(kClientID);

	hr = attachment_services->SetLocalPath(full_path.value().c_str());
	if (FAILED(hr))
		return false;

	hr = attachment_services->Save();
	return SUCCEEDED(hr);
}

However, when debugging, attachment_services->Save() failed and returned 0x800c000e.
After analyzing for a while, I found that the file "full_path" is generated by calling the 
GetTempFileName(...) API. So calling IAttachmentExecute::Save on a temporary file 
won't succeed.

Attached is the modified win_safe_util.cc
win_safe_util.cc
5.3 KB   View   Download
Jan 27, 2010
#12 cronos...@gmail.com
There is some information to that effect in the MSDN page for
IAttachmentExecute::Save [1]:

"IAttachmentExecute::Save should always be called if the local path declared in
IAttachmentExecute::SetLocalPath is not the path of a temporary directory."

No idea what should be done if the path is in fact in the temp directory though.

One (very ugly and hacky) idea is to apply Save() to an empty file elsewhere on the
filesystem, then copy over the alternate data streams. Then the question becomes,
where do we place this file?

I will dive into the Save() internals tonight, maybe I can find a way to coax it into
doing what we want.

[1] http://msdn.microsoft.com/en-us/library/bb776299%28VS.85,lightweight%29.aspx

Jan 27, 2010
#13 cronos...@gmail.com
I wonder what IE does if I try to save a downloaded file in the temp directory..
Jan 27, 2010
#14 mailwang...@gmail.com
In fact, save() will fail on a temporary file, because the file is created by the GetTempFileName() API.
Jan 27, 2010
#15 cronos...@gmail.com
I'm concerned by the error case for creating CLSID_AttachmentServices (this is more aimed toward the 
Chromium developers *hint hint, nudge nudge*):

HRESULT hr = attachment_services.CreateInstance(CLSID_AttachmentServices);
if (FAILED(hr)) {
  // We don't have Attachment Execution Services, it must be a pre-XP.SP2
  // Windows installation, or the thread does not have COM initialized.
  return SetInternetZoneIdentifierDirect(full_path);
}

If FAILED(hr) indeed is most likely due to pre-XP SP2, why manually mark the file as unsafe? Pre-XP 
SP2 means no one will be around to pick up on the ADS anyway.

I'm inclined to make the failure mode of all of this a no-op, comments?

Jan 27, 2010
#16 cronos...@gmail.com
From reading Mozilla usage of CLSID_AttachmentServices 
(http://mxr.mozilla.org/mozilla/source/toolkit/components/downloads/src/nsDownloadScanner.cpp), 
it seems that ->Save() also invokes anti-virus scanners registered with the 
shell (whereas writing the ADS manually does not) -- just something to keep in mind.
Jan 27, 2010
#17 cronos...@gmail.com
mailwangkun, I have tried saving a file to the temp directory using IE and the zone 
identifier is set properly. What makes you think this is the reason for the error?

I tried the attached code and could not reproduce error 0x800c000e. Can you give a 
standalone program that reproduces it?
stdafx.h
355 bytes   View   Download
main.cpp
744 bytes   View   Download
Jan 28, 2010
#18 mailwang...@gmail.com
Just change the file extension to .tmp.
It's all about the file extension, no matter what the path is.
Once the file name ends with .tmp, you will get the lovely 0x800c000e :)
Jan 28, 2010
#19 cronos...@gmail.com
The 0x800c000e error can be avoided by calling SetSource.

Here is a patch against r37376 which solves this bug. Tested on Windows XP SP3 with a 
file ending in .tmp (corner case; see discussion above) and with the group policy both 
enabled and disabled.

Regarding the change to SaveFile, I wasn't sure whether to use url or final_url. 
Comments?
chromium-r37376-zoneinfo-bug5719.diff
5.3 KB   View   Download
Jan 29, 2010
#20 mailwang...@gmail.com
I've tried that patch, it really works :)
In SaveFile(), I think using final_url is better. In 
src\chrome\browser\download\save_types.h, it says final_url means "Final URL of the 
saved resource since some URL might be redirected."
But maybe url or final_url will not affect the result, the "pszSource" in 
IAttachmentExecute::SetSource is used as the primary zone determinant.
Jan 29, 2010
#21 mailwang...@gmail.com
I also think calling AnnotateWithSourceInformation() in DownloadFile::Open is not so 
good.
In my opinion, calling AnnotateWithSourceInformation() in 
DownloadFileManager::OnFinalDownloadName, after download->Rename(full_path) is better, 
just like the way OS_MACOSX does.
Jan 30, 2010
#22 cpu@chromium.org
I assigned this 'enterprisy' bug to you. There is a patch so should be easy to fix.

I think it could be Pri-2.

Owner: gwil...@chromium.org
Feb 1, 2010
#23 gwil...@chromium.org
(No comment was entered for this change.)
Labels: Enterprise
Feb 7, 2010
#24 cronos...@gmail.com
Any news on this?
Feb 8, 2010
#25 gwil...@chromium.org
Not sure why it's assigned to me :)

Cronos586, can you submit your patch for review on chromium.org?  If it fixes the 
issue, we can land the patch and this may be resolved.
Feb 8, 2010
#26 thakis@chromium.org
The patch is at http://codereview.chromium.org/590001 . It's currently running through 
the trybots. Maybe one of the people on this bug can take a look?
Apr 8, 2010
#27 gwil...@chromium.org
Adding new label.
Labels: Feature-Enterprise
Apr 21, 2010
#28 dhw@chromium.org
(No comment was entered for this change.)
Labels: -Enterprise
Oct 12, 2010
#29 igor.sve...@googlemail.com
What's the current status of this issue? The issue was reported in 2008 and the current Chrome version (tested 7.0.544.0-dev) still doesn't respect the policy settings.

There is a patch, but I don't see why it hasn't passed the trybots yet.

So please, could anybody explain to me what the current status is? Please look into this issue, thanks ;-)
Oct 13, 2010
#30 cronos...@gmail.com
Issue is still sitting in codereview; I don't have time to look at it in the near future.
Dec 24, 2010
#31 toxa%tox...@gtempaccount.com
Please remove this annoying bug!
Jan 22, 2011
#32 heavenma...@gmail.com
I can't believe it's been 2 years... this bug drives me insane!
Mar 23, 2011
#33 toxa%tox...@gtempaccount.com
Any news? Chrome 10 still litters in My Documents folder.
Mar 25, 2011
#34 Seise...@gmail.com
Why is this critical BUG called 'Feature'?

Chromium designers are thinking long and working hard to invent - "Hey, after so many days of contests we decided to add an amazing new feature: to follow Microsoft's well-known rules, which were created a long time ago for user usability. After our best developers implement this hardest Feature, all of the Internet will say: Wow, Chromium developers are able to make such an unbelievable discovery and hardcoding!!!". Do you think that way?

gwilson... or cronos... or dhw... or someone with proper rights - please, if you do not have time to take care of this critical bug (in 2-3 years you have not), then make it unassigned, so other developers can see it in the common list of issues to do. Chromium has about 100 changesets per week, so I think someone will find time to fix this p0 bug... well, it's not a crash, let it be a p1 bug.
Mar 25, 2011
#35 gwil...@chromium.org
Still not sure why this was assigned to me in the first place.
Status: Available
Owner: ---
Apr 23, 2011
#36 andreas....@gmail.com
This is getting quite annoying. When will this be fixed? It's been over 2 years and still nothing.
Apr 25, 2011
#37 gwil...@chromium.org
Marking this with some new tags to see if the Downloads folks could help here.  It's worth noting that there was a patch for this up in comment 26...
Status: Untriaged
Labels: Feature-Downloads
Apr 26, 2011
#38 phajdan.jr@chromium.org
+danno, you might be interested in making Chrome obey Windows Group Policy (consider adding yourself to auto-CC list of Feature-Enterprise label).

There is a user-submitted patch for this, http://codereview.chromium.org/590001 and Glenn's version at http://codereview.chromium.org/576011/show (Glenn, what was the problem with that one?).
Cc: danno%ch...@gtempaccount.com
Apr 26, 2011
#39 gwil...@chromium.org
(Chrome does obey group policy for some settings, see dev.chromium.org/administrators)

The 590001 patch above probably does the trick but was abandoned and probably 'bit rotted'.  Someone probably just needs to clean up that patch and land it, I'm guessing.


Apr 26, 2011
#40 danno@chromium.org
This bug is not related to the Chrome Enterprise feature set. However, it's been languishing for quite some time now and it is vaguely enterprise related, so I'll try to find an owner who can verify the change and land the patch.
Apr 27, 2011
#41 joaodasilva@chromium.org
(No comment was entered for this change.)
Status: Started
Owner: joaodasilva@chromium.org
Apr 29, 2011
#42 bugdro...@chromium.org
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=83502

------------------------------------------------------------------------
r83502 | joaodasilva@chromium.org | Fri Apr 29 04:38:12 PDT 2011

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/win_safe_util.cc?r1=83502&r2=83501&pathrev=83502
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/download/base_file.cc?r1=83502&r2=83501&pathrev=83502
 M http://src.chromium.org/viewvc/chrome/trunk/src/base/test/test_file_util_win.cc?r1=83502&r2=83501&pathrev=83502
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/win_safe_util.h?r1=83502&r2=83501&pathrev=83502

Use the IAttachmentExecute service to set the Zone.Identifier stream,
when available. This is used to mark files as untrusted, because they were downloaded from the internet.

The DownloadTest.CheckInternetZone browser test was failing previously because
the Zone.Identifier stream created by the IAttachmentExecute service uses \r\n
for newlines, and the test was checking for \n.

See also http://codereview.chromium.org/590001, which this should close.

BUG=5719
TEST=DownloadTest.CheckInternetZone

Review URL: http://codereview.chromium.org/6880236
------------------------------------------------------------------------
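
The newline mismatch described in the r83502 commit message, shown as an added example that is not part of the original thread or of Chromium's code: a check of Zone.Identifier stream contents that accepts both "\n" and "\r\n" endings. The names ParseZoneId and IsMarkedInternetZone and the sample byte strings are assumptions made for this example, and it accepts only the predefined zones 0 to 4.

```cpp
#include <cstdio>
#include <string>

// Returns the ZoneId from the [ZoneTransfer] section of a Zone.Identifier
// stream, or -1 if it is missing or malformed. Accepts "\n" and "\r\n" line
// endings and ignores a trailing NUL byte.
int ParseZoneId(const std::string& stream) {
  const std::string key = "ZoneId=";
  bool in_zone_transfer = false;
  size_t pos = 0;
  while (pos <= stream.size()) {
    size_t end = stream.find('\n', pos);
    if (end == std::string::npos) end = stream.size();
    std::string line = stream.substr(pos, end - pos);
    pos = end + 1;
    // Drop '\r', NUL and blanks left at the end of the line.
    while (!line.empty() && (line.back() == '\r' || line.back() == '\0' ||
                             line.back() == ' ' || line.back() == '\t'))
      line.pop_back();
    if (line.empty()) continue;
    if (line[0] == '[') {  // section header
      in_zone_transfer = (line == "[ZoneTransfer]");
      continue;
    }
    if (!in_zone_transfer || line.compare(0, key.size(), key) != 0) continue;
    // This example accepts only the predefined zones 0-4 (one digit).
    if (line.size() != key.size() + 1) return -1;
    const char digit = line[key.size()];
    return (digit >= '0' && digit <= '4') ? digit - '0' : -1;
  }
  return -1;
}

// Zone 3 is the Internet zone, the value written by the code in this thread.
bool IsMarkedInternetZone(const std::string& stream) {
  return ParseZoneId(stream) == 3;
}

int main() {
  // Constructed samples. The first holds the bytes that
  // SetInternetZoneIdentifierDirect writes (arraysize() counts the
  // terminating NUL); the second uses the "\r\n" endings that the commit
  // message attributes to the IAttachmentExecute service.
  const char direct[] = "[ZoneTransfer]\nZoneId=3";
  const std::string manual(direct, sizeof(direct));
  const std::string service = "[ZoneTransfer]\r\nZoneId=3\r\n";
  std::printf("manual=%d service=%d\n", IsMarkedInternetZone(manual),
              IsMarkedInternetZone(service));
  return 0;
}
```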
Apr 29, 2011
#43 joaodasilva@chromium.org
(No comment was entered for this change.)
Status: Fixed
Oct 12, 2012
#44 bugdro...@chromium.org
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Labels: Restrict-AddIssueComment-Commit
Mar 10, 2013
#45 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Area-Internals -Feature-Enterprise -Feature-Downloads Cr-Internals Cr-Enterprise Cr-UI-Browser-Downloads