Re: Win32 Service App for Terminal services


From: Slava M. Usov (stripit.slough_at_gmx.net)
Date: 02/02/05

Date: Thu, 3 Feb 2005 00:10:24 +0100

"Alexander Grigoriev" <alegr@earthlink.net> wrote in message
news:#s75EEXCFHA.444@TK2MSFTNGP15.phx.gbl...
> Ivan,
>
> If a service gets user's session token and calls CreateProcessAsUser with
> that token, will it create a process running with user's privileges, but
> whose ACL owner is LOCAL_SYSTEM?

Documentation on CreateProcessAsUser():

[begin quote]

lpProcessAttributes
[in] Pointer to a SECURITY_ATTRIBUTES structure that specifies a security
descriptor for the new process and determines whether child processes can
inherit the returned handle. If lpProcessAttributes is NULL or
lpSecurityDescriptor is NULL, the process gets a default security descriptor
and the handle cannot be inherited. The default security descriptor is that
of the user referenced in the hToken parameter. This security descriptor may
not allow access for the caller, in which case the process may not be opened
again after it is run. The process handle is valid and will continue to have
full access rights.

[end quote]

It would appear that if the API is called with the null value for this
parameter, the ACL will be "user-friendly". However, if a non-default
descriptor is specified, it can be pretty much anything -- I guess :-)

> This means the user won't have TERMINATE (or other) rights on the process
> (unless some very rude exploit, like Shutter, is used). Will it work?

Perhaps, but if it displays any GUI, there will probably be a way to get it
down.

S
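
The non-default descriptor case discussed above, as an added C example that is not code from this thread: instead of passing NULL for lpProcessAttributes (which gives the child the session user's default descriptor), the service builds an explicit DACL in which the session user gets only SYNCHRONIZE and PROCESS_QUERY_LIMITED_INFORMATION, so PROCESS_TERMINATE is withheld while SYSTEM keeps full control. The function names, the SDDL layout and the choice of access mask are this example's assumptions; the Win32 part is compiled only on Windows.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

/* Rights the session user keeps on the child process:
   SYNCHRONIZE (0x00100000) | PROCESS_QUERY_LIMITED_INFORMATION (0x00001000).
   PROCESS_TERMINATE is deliberately absent. */
#define USER_CHILD_RIGHTS "0x101000"

/* Build the SDDL for the child's descriptor: owner/group SYSTEM, protected
   DACL, SYSTEM gets everything, the user SID gets only USER_CHILD_RIGHTS.
   Returns the number of characters written, or -1 if buf is too small. */
int build_child_sddl(const char *user_sid, char *buf, size_t cap) {
    int n = snprintf(buf, cap, "O:SYG:SYD:P(A;;GA;;;SY)(A;;"
                     USER_CHILD_RIGHTS ";;;%s)", user_sid);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

#ifdef _WIN32
/* Create the process from the session token with an explicit, non-default
   security descriptor instead of NULL lpProcessAttributes. */
BOOL create_locked_child(HANDLE hToken, LPWSTR cmdline, PROCESS_INFORMATION *pi) {
    union { TOKEN_USER tu; BYTE raw[sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE]; } u;
    DWORD len = 0;
    LPSTR sidStr = NULL;
    char sddl[256];
    SECURITY_ATTRIBUTES sa = { sizeof(sa), NULL, FALSE };
    STARTUPINFOW si = { sizeof(si) };
    BOOL ok;

    /* Take the user SID from the token itself, so the DACL names the
       account the child will actually run as. */
    if (!GetTokenInformation(hToken, TokenUser, &u, sizeof(u), &len)) return FALSE;
    if (!ConvertSidToStringSidA(u.tu.User.Sid, &sidStr)) return FALSE;
    ok = build_child_sddl(sidStr, sddl, sizeof(sddl)) >= 0;
    LocalFree(sidStr);
    if (!ok) return FALSE;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL)) return FALSE;
    ok = CreateProcessAsUserW(hToken, NULL, cmdline, &sa, NULL, FALSE,
                              CREATE_NEW_CONSOLE, NULL, NULL, &si, pi);
    LocalFree(sa.lpSecurityDescriptor);
    return ok;
}
#endif
```

As the reply notes, this only governs handles to the process object; a child that shows a window can still be closed through its own GUI.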


