
Sign shims generated by Chocolatey #358

@hambone124

What You Are Seeing?

When certain packages are installed, Chocolatey generates shims for executables within the packages. For enterprises that implement AppLocker, executables that are not signed or don't have their file hash added to their Allow rule list are immediately blocked. These shims are generated without being signed and with unique hashes per machine. This creates significant overhead for an admin wanting to secure their environment with AppLocker.

What is Expected?

Sign shims generated by Chocolatey, so that the certificate may be added to AppLocker and significantly reduce the effort needed to use shims.

How Did You Get This To Happen? (Steps to Reproduce)

An example would be the camunda-modeler package, which installs the executable within the Chocolatey lib folder and generates a shim within the Chocolatey bin folder.
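The following script is an added example, not part of the original issue or of Chocolatey itself. It inventories the shims on one machine and reports their signature state, the hash AppLocker would use for a hash rule, and the effective policy decision. It assumes `$env:ChocolateyInstall` is set and that shims are the `.exe` files directly under its `bin` folder; the parameter names are illustrative.

```powershell
# Added example: report how AppLocker treats Chocolatey shims on this machine.
# Assumption: shims are the *.exe files directly under "$env:ChocolateyInstall\bin".
[CmdletBinding()]
param(
    [string]$BinPath = (Join-Path $env:ChocolateyInstall 'bin'),
    [string]$User    = 'Everyone'   # principal the policy is evaluated for
)

if (-not (Test-Path -LiteralPath $BinPath -PathType Container)) {
    throw "Shim folder not found: $BinPath"
}

# Effective policy: the merged local and Group Policy AppLocker rules.
$policy = Get-AppLockerPolicy -Effective

foreach ($shim in Get-ChildItem -LiteralPath $BinPath -Filter '*.exe' -File) {
    # Authenticode state: 'NotSigned' is what the issue describes for generated shims.
    $sig = Get-AuthenticodeSignature -LiteralPath $shim.FullName

    # Publisher and hash exactly as AppLocker computes them for rule matching.
    # The hash is the value a per-file Allow rule would need on this machine.
    $info = Get-AppLockerFileInformation -Path $shim.FullName

    # Would this file be allowed to run for $User under the current rules?
    $decision = $policy | Test-AppLockerPolicy -Path $shim.FullName -User $User

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Shim           = $shim.Name
        SignatureState = $sig.Status
        Publisher      = $info.Publisher          # empty for unsigned files
        AppLockerHash  = "$($info.Hash)"
        Decision       = $decision.PolicyDecision # Allowed / Denied / DeniedByDefault
        MatchingRule   = $decision.MatchingRule
    }
}
```

Piping the output to `Export-Csv` on several machines and comparing the `AppLockerHash` column per shim name shows how many distinct hash rules a hash-based allow list would need.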

Labels:

- 0 - Triaging: Issue is accepted, but a milestone has yet to be added for the issue.
- Enhancement: Issues that introduce new functionality to the project, or enhances/updates existing functionality.
- Security: Issues that are related to security vulnerabilities, or other security related problems.
- shimgen
