Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsigned binaries trigger warnings and UAC dialogs #507

Open
InterLinked1 opened this issue Aug 24, 2023 · 3 comments
Open

Unsigned binaries trigger warnings and UAC dialogs #507

InterLinked1 opened this issue Aug 24, 2023 · 3 comments

Comments

@InterLinked1
Copy link

Upgraded KiTTY today for the first time in forever, and noticed some odd behavior when opening it.

I installed it to Program Files using a batch script so I can pin it to the start menu and the taskbar. However, when opening it, I get prompted that the binary isn't signed:

image

Not the end of the world, but when I uncheck "Always ask", a UAC prompt appears on the Run button:

image

Clicking Run then triggers a UAC dialog, and if dismissed, KiTTY opens normally. Likewise, if the box remains checked, it opens normally. However, it's annoying to have to do this repeatedly. I'm not sure what's triggering this strange behavior, but perhaps the binaries could be signed with some signature to avoid this impediment to usability? I know that PuTTY has never been signed historically but frankly I think this would be an easy improvement that improve usability out of the box so stuff like the below isn't necessary.

In the meantime, using the streams utility part of Sysinternals, this can be worked around as follows:

streams64.exe -d "C:\Program Files\KiTTY\*.exe"

streams v1.60 - Reveal NTFS alternate streams.
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\Program Files\KiTTY\cygtermd.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\genpass.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\kageant.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\kitty-beta.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\kitty.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\kittygen.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\kitty_nocompress.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\kitty_portable.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\klink.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\kscp.exe:
   Deleted :Zone.Identifier:$DATA
C:\Program Files\KiTTY\ksftp.exe:
   Deleted :Zone.Identifier:$DATA
@yndx-melkov
Copy link
Contributor

Just in case, have you tried to put kitty to some other place rather than Program Files, like \Users...\AppData\Local ?

@InterLinked1
Copy link
Author

No, because then it wouldn't be available for all users, just per user.
I don't think it's the location, I think it's that it's unsigned.

@yndx-melkov
Copy link
Contributor

Yes, you are right. I've just verified that kitty.exe. Browsers set the NTFS stream you have mentioned when a file is downloaded.

If you download a .zip archive from the releases page, for example, and unpack it by a tool that does not preserve those streams (like most tools), the problem is just not visible.

I think that signing kitty.exe will cause time loss and significant expenses for @cyd01.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@InterLinked1 @yndx-melkov