fix(installer): do not quote servicepath in registry #1765
Merged
PR Description
See #1764 for context
Which issue(s) this PR fixes
Fixes #1764
Notes to the Reviewer
This change reverts a fix in the context of CVE-2024-8975. This change needs to be carefully reviewed.
https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/?camp=blog&cnt=Today+we+released+Grafana&mdm=social&src=li
However, the current approach breaks any Windows Setup.
The registry value with quotes is passed to the exec.Command call from Go. It needs to be checked if exec.Command is affected by c:\Program.exe as well. At least I tested the potential issue on a Windows Server 2022 and everything still works as expected. The Program.exe is not called.
PR Checklist
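As an added illustration of the two behaviours this description weighs (not code from this PR or from the project): exec.Command takes a file path rather than a command line, so quotes stored in a registry value have to be stripped before the call, while a string that is interpreted as a command line becomes ambiguous when it contains spaces and no quotes. The sample path and all function names are constructed for the example, and the candidate list models only a bare path without arguments.

```go
package main

import (
	"fmt"
	"strings"
)

// trimQuotes removes one pair of surrounding double quotes. exec.Command takes
// a file path, not a command line, so quotes stored in a registry value would
// otherwise be treated as part of the file name.
func trimQuotes(p string) string {
	if len(p) >= 2 && p[0] == '"' && p[len(p)-1] == '"' {
		return p[1 : len(p)-1]
	}
	return p
}

// withExe appends ".exe" when the last path component has no extension.
func withExe(p string) string {
	if strings.Contains(p[strings.LastIndexAny(p, `\/`)+1:], ".") {
		return p
	}
	return p + ".exe"
}

// commandLineCandidates lists, in order, the executables Windows tries when a
// bare path (no arguments) is used as a command line with no separate
// application name. A quoted path yields exactly one candidate.
func commandLineCandidates(cmdline string) []string {
	if q := trimQuotes(cmdline); q != cmdline {
		return []string{q}
	}
	var out []string
	for i := 1; i < len(cmdline); i++ {
		if cmdline[i] == ' ' && cmdline[i-1] != ' ' {
			out = append(out, withExe(cmdline[:i]))
		}
	}
	return append(out, withExe(cmdline))
}

func main() {
	// Constructed sample value, not the project's real install path.
	stored := `"C:\Program Files\Example Agent\agent.exe"`
	fmt.Println("path for exec.Command:", trimQuotes(stored))
	for _, c := range commandLineCandidates(trimQuotes(stored)) {
		fmt.Println("unquoted command line would try:", c)
	}
}
```

More than one candidate for a stored path means the value is only safe where it is consumed as a single file path, which is the property the reviewer is asked to confirm for the exec.Command call.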