Re: A service and WTS

From: Andrew (universalkludge_at_hotmail.com)
Date: 02/20/04


Date: Fri, 20 Feb 2004 11:02:05 -0800

Thank you for pointing this book out to me; I placed my order right away.

>
> Sorry. The
> - "I need some user mode information"
> is one thing. But:
> - "I need some information from the user input"
> is another thing.
>
> What of these two do you need?

Both things

>
> More protected. All points where the security boundary is crossed (from the
> app to the service) are listed and documented (in COM's .IDL file usually).
>
This makes sense

>
> CreateProcessAsUser requires explicit password specification. Where do you
> want to keep the password?
>
Actually it requires a handle to a primary token that represents a user,
which could be obtained by WTSQueryUserToken(ULONG SessionId, PHANDLE phToken);
An excerpt from MSDN - To call this function successfully, the calling
application must be running within the context of the LocalSystem account
and have the SE_TCB_NAME privilege.

Andrew

"Maxim S. Shatskih" <maxim@storagecraft.com> wrote in message
news:OGSyG299DHA.1052@TK2MSFTNGP12.phx.gbl...
> I would suggest you to read a great book on such (and other) cases. The
> book is written by Microsoft's David LeBlanc and Michael Howard and is called
> "Writing Secure Code".
> ISBN 0-7356-1722-8
>
> > I need some user mode information in my driver before any user logs on, so
> > that'll be a service.
>
> Sorry. The
> - "I need some user mode information"
> is one thing. But:
> - "I need some information from the user input"
> is another thing.
>
> What of these two do you need? If second - then sorry, your driver will be
> either defunct till the user will log on, or will run in some default mode.
> After the user will log on, it will run some UI app, which will call the
> necessary IOCTLs in your driver.
>
> If first - then why having UI in the service?
>
> > What's so wrong to impersonate a logged-on user and interact with the user
> > from a service directly?
>
> A potential security hole. First of all, the window manager is unprotected at
> all. Some malicious app will just do a couple of SendMessage to your edit
> control, causing buffer overrun in your code - which is the privileged code.
> This technique is well-described.
>
> > How an interaction thru a proxy application started by HKLM\..\Run is any
> > better?
>
> More protected. All points where the security boundary is crossed (from the
> app to the service) are listed and documented (in COM's .IDL file usually).
>
> > Is starting an application by CreateProcessAsUser from a service a bad thing
> > as well?
>
> CreateProcessAsUser requires explicit password specification. Where do you
> want to keep the password?
>
> In "c:\admin_password.txt" file? Then yes, CreateProcessAsUser is bad :-)
> In DPAPI or LSA secret? Then CreateProcessAsUser is OK.
>
> > Should CreateProcess from a service be banned?
>
> No for sure.
>
> > I am not sure here, do you mean a driver talks to a service via inverted
> > call path?
> > (requesting an info from a service by completing a previously pended IRP,
> > and obtaining this information from the next IRP to pend?)
>
> Yes. Exactly so.
>
> --
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> maxim@storagecraft.com
> http://www.storagecraft.com
>
>


