summary: Restrictive Windows process ACL causes trouble with screen readers, etc class: semi-bug: This might or might not be a bug, depending on your precise definition of what a bug is. priority: high: This should be fixed in the next release. absent-in: 0.66 present-in: 0.67 fixed-in: e22120fea8d39e6a2ef6b2f4ab3ee5502f56169a 2017-01-30 (0.68)
In PuTTY 0.67 on Windows, we restricted the process ACL with
SetSecurityInfo() in an attempt to defend against malicious other
processes (such as
PuttyRider)
injecting code, reading sensitive data, etc. (In 0.67 this only applied
to PuTTY and PuTTYtel; in snapshots after 0.67, from 2016-04-03, we also
did this for PSFTP, PSCP, Plink, PuTTYgen, and Pageant.)
Perhaps unsurprisingly, this broke some interactions with other
software. Here are some things that stopped working with 0.67 which
are known or suspected to have been broken by this change:
Screen readers and similar software. In 0.67, unable to read
system menu or PuTTY settings category tree view contents.
Windows Narrator. In the snapshots, we've allowed
PROCESS_QUERY_INFORMATION, which is relatively harmless and
allows Narrator to work.
NVDA. To work fully, this
injects a DLL into PuTTY's memory space (IAccessible2Proxy.dll), so
there's probably nothing we can do to fix this that won't also allow
the likes of PuttyRider back in.
Sharing PuTTY windows (read-only) with Microsoft Lync / Skype
for Windows. (Sharing the entire screen still works, apparently.)
Needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
apparently; we don't have the latter.
Trouble using Git with Plink as a transport
(e.g., 1,
2). Our rights setting
implicitly turns off anything we haven't considered, including the
ability to wait for our return status; apparently adding
SYNCHRONIZE back in fixes this. We have not yet done
this.
Tools like AquaSnap or ac'tivaid used for arranging windows can't
change the PuTTY window's size and position any more.
Software installed in corporate environments such as
'data loss prevention' software
(which watches clipboard operations and the like) has been reportedly
disrupted by this change. Since such software is functionally
indistinguishable from malware, this isn't surprising.
(Of course, debuggers can't attach, but if you're debugging you
could probably have recompiled PuTTY with the UNPROTECT
option.)
It might be possible to tone down our restrictive permissions to allow
harmless interactions with legitimate software. We've done this a little
bit since 0.67, although there's probably scope for more.
However, since it turns out that some screen-reading software (NVDA at
least) has behaviour indistinguishable from malware, that approach won't
be sufficient.
Update, 2017-01: we have turned off these ACL restrictions by
default, so out of the box, all the things that were broken by this
in 0.67 should be working again. A new command-line option
-restrict-acl lets you get something like the 0.67 behaviour
if you don't find it more trouble than it's worth.
If you want to comment on this web site, see the
Feedback page.