RE: Auto-update of an application, permission problem in "Program Files"

---

• From: jetan@xxxxxxxxxxxxxxxxxxxx ("Jeffrey Tan[MSFT]")
• Date: Mon, 11 Jun 2007 03:53:49 GMT

---

Hi Francois,

The problem of your current solution is that the bad guy also has the
permission of replace your plug-in dlls. So he may replace your dlls with
his malicious Troy dll, which injects malicious code into machine.

In this scenario, below is the recommended solution:
1. Coding a separate Windows Service as a broker process which runs under a
high priviledge account, such as LocalSystem or Administrator.
2. When you need to update the plug-in dlls, your normal application can
use some type of inter-process communication technology to ask write
request to the Windows Service, and the Windows Service with high
priviledge work on behalf of your application to write "Program Files" for
replacing the old dlls with new ones.(which are read-only to your normal
user account)

This is a safe solution since we separate the high priviledge
operations/code from the normal operation code. Also, by defining a
well-defined interface between the normal game application and the Windows
Service, we expect it to be safe. In this mode, the Windows Service
application is called a permission broker application. Microsoft IE7
protected mode uses 2 broker applications for high priviledge write
operation which idea is the same here. Please refer to the "Understanding
Protected Mode" section in link below to see these 2 broker processes:
"Understanding and Working in Protected Mode Internet Explorer"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/d
nwebgen/ProtectedMode.asp

A variation of this solution is coding a separate high-priviledge updating
application. While asking for updating, your normal application can use
ShellExecute API with "runas" parameter to run the updating application
under the full administrator token, which has the permission of writting to
the "Program Files". This approach has the advantage of prompting the end
user with a consent dialog for updating, which aligns with Vista UAC
behavior. See the "Run as administrator" section in the link below for
details:
http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Develo
pers-_1320_-Part-4-_1320_-User-Account-Control.aspx

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

---

• Follow-Ups:
  • Re: Auto-update of an application, permission problem in "Program Files"
    • From: Francois PIETTE
  • Re: Auto-update of an application, permission problem in "Program Files"
    • From: Skywing [MVP]

• References:
  • Auto-update of an application, permission problem in "Program Files"
    • From: Francois PIETTE

• Prev by Date: Re: Difference between TokenUser and TokenGroups w/SE_GROUP_LOGON_ID
• Next by Date: Re: Auto-update of an application, permission problem in "Program Files"
• Previous by thread: Auto-update of an application, permission problem in "Program Files"
• Next by thread: Re: Auto-update of an application, permission problem in "Program Files"
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Auto-update of an application, permission problem in "Program Files" ... permission of replace your plug-in dlls. ... request to the Windows Service, and the Windows Service with high ... Microsoft Online Community Support ... (microsoft.public.win32.programmer.kernel) Re: AspCompat="true" on a Windows 2003 may cause an error ... Unfortunately the hotfix didn't solve the problem. ... As I can see there's no other solution than create a support case at ... Microsoft, unless some of you have already experienced the same... ... If the above two are fine, check the versions of the DLLs that are ... (microsoft.public.dotnet.framework.aspnet) RE: Error when my Win32 Service takes longer than 30 seconds to shut down. ... Windows service has very restricted rule for the control code operation. ... the HandlerEx function(this function is encapsulated in .Net ... Applications for Microsoft Windows 2000> "Control Codes and Status ... Microsoft Online Community Support ... (microsoft.public.dotnet.languages.vc) RE: folder virtualisation ... request to the Windows Service, and the Windows Service with high ... If your Windows Service needs to access network, the Vista Service ... Microsoft Online Community Support ... (microsoft.public.platformsdk.security) Re: Auto-update of an application, permission problem in "Program Files" ... I'm not sure using a service to install the DLL would give better protection ... permission of replace your plug-in dlls. ... Microsoft Online Community Support ... (microsoft.public.win32.programmer.kernel)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.win32.programmer.kernel  > 2007-06