Issue metadata
Sign in to add a comment
|
AttachmentServices does not respect SaveZoneInformation policy
Reported by
sebastia...@gmail.com,
Sep 25 2016
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2868.3 Safari/537.36 Example URL: Steps to reproduce the problem: 1. Group Policy editor (gpedit.msc) -> User Configuration -> Administrative Templates -> Windows Components -> Attachment Manager. 2. Enable "Do not preserve zone information in file attachments". 2. Download an executable file in Chrome 3. Execute file What is the expected behavior? No "Open File - Security Warning" dialog. No :Zone.Identifier: NTFS data stream in the file. What went wrong? The NTFS data stream is written and a dialog appears. The group policy setting has no effect. Did this work before? Yes Before https://codereview.chromium.org/2123023002/ Chrome version: 55.0.2868.3 Channel: dev OS Version: 6.3 Flash Version: Shockwave Flash 23.0 r0 Related ticket: https://bugs.chromium.org/p/chromium/issues/detail?id=5719 This was working before https://codereview.chromium.org/2123023002/
,
Oct 1 2016
,
Oct 3 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/db9e50adb265249e4082721b10d15050901be42b commit db9e50adb265249e4082721b10d15050901be42b Author: asanka <asanka@chromium.org> Date: Mon Oct 03 15:00:29 2016 [downloads] Correctly plumb client ID for download file scanning. The client GUID for download file scanning wasn't plumbed all the way through the download system. This caused the underlying quarantine logic to always apply the mark-of-the-web even if the local configuration wouldn't have required it. The plumbing for the client GUID was broken in 4350f6a0 (Mar 14, 2016). IAttachmentExecute::Save() continued to function since the client GUID is optional. However, bd57338f (Sep 21, 2016) made it so that Chrome sets the mark-of-the-web directly if no client GUID is present. This CL fixes the plumbing of the client GUID so that AttachmentServices is correctly invoked. Unit testing ensured that downloads were always receiving the MOTW when appropriate. However, there were no end-to-end test that was ensuring that the MOTW didn't get applied when it is not necessary. BUG= 650111 Review-Url: https://codereview.chromium.org/2384713004 Cr-Commit-Position: refs/heads/master@{#422422} [modify] https://crrev.com/db9e50adb265249e4082721b10d15050901be42b/chrome/browser/download/download_browsertest.cc [modify] https://crrev.com/db9e50adb265249e4082721b10d15050901be42b/content/browser/download/download_manager_impl.cc [modify] https://crrev.com/db9e50adb265249e4082721b10d15050901be42b/content/browser/download/download_manager_impl.h
,
Oct 4 2016
,
Oct 7 2016
Confirmed, fixed in 55.0.2882.4, thanks!
,
Oct 7 2016
Thanks! |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mmenke@chromium.org
, Sep 26 2016Labels: -Type-Bug Type-Bug-Regression
Owner: asanka@chromium.org
Status: Assigned (was: Unconfirmed)