Apache Friends Support Forum

Skip to content

[bug] xampp-control.ini wrong permissions since XAMPP 7.4.4

Problems with the Windows version of XAMPP, questions, comments, and anything related.
Forum rules
Post a reply

[bug] xampp-control.ini wrong permissions since XAMPP 7.4.4

Postby barto » 26. September 2020 16:02

Hi,
Since XAMPP 7.4.4 (in Windows 10), the xamp-control.ini file is created with only reading permission. In XAMPP 7.4.3 (and previous versions) this file was created with all the permissions. So, when the XAMPP control panel is closed in XAMPP 7.4.4, an access error is prompted.

I do not know if this is intented or it is a bug. This problem has been reported before in this forum, but people just advise reporters to execute XAMPP control panel as an administrator. The problem can be avoided this way, but in the past it has been possible to execute XAMPP control panel not as an administrator.

I have made some screenshots (Windows is in Spanish):

xampp-control.ini permissions in XAMPP 7.4.3 and previous versions:
Image

xampp-control.ini permissions in XAMPP 7.4.4 and following versions:
Image

error prompt window when XAMPP control panel is closed (XAMPP 7.4.4)
Image

Thanking you in advance,
Bartolome Sintes
barto
 
Posts: 1
Joined: 26. September 2020 11:25
XAMPP version: 7.4
Operating System: windows 10
Top

Re: [bug] xampp-control.ini wrong permissions since XAMPP 7.

Postby Beltran » 27. October 2020 19:07

Hi,

Thanks for reporting it. This was a change that fixes a security issue in Windows Platforms CVE-2020-11107 reported by Maximilian Barz. XAMPP Windows versions lower than 7.2.29, 7.3.16 and 7.4.4 allow an unprivileged User to access and modify its editor and browser configuration. An attacker could modify the "xampp-contol.ini" to set a value to a malicious .exe or .bat file that is gets executed after another user tries to open it via the control panel. We, as XAMPP maintainers, decided to drop that write privilege to the ini file for non-administrators in Windows to prevent that vulnerability.

The workaround would be to enable back the write privileges and to be aware of this potential issue, modify the ini file with an editor the properties you need or to run the XAMP Control panel as administrator. Let us know if you have any other suggestions.
User avatar
Beltran
Power-User
 
Posts: 170
Joined: 22. March 2013 12:29
XAMPP version: 10
Operating System: Windows, Linux, OS X
Top

Re: [bug] xampp-control.ini wrong permissions since XAMPP 7.

Postby Zia3000 » 16. November 2020 16:50

I was referred to this post because I am seeing the same error when shutting down xampp.
But i am confused.
Are you saying that these error messages are ok and I should just click through them to shut down?
Or am I supposed to change something.
I am extremely new to xampp and am using it for local wordpress testing.
Thanks for any help you can give me.
I posted about this with a bit more detail yesterday and was directed here.
Zia3000
 
Posts: 19
Joined: 16. November 2020 05:52
XAMPP version: 7.4.11
Operating System: windows-x64
Top
Post a reply

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 206 guests

Powered by Bitnami phpBB
Privacy Policy