changing security privileges on execution time

From: Jordi Gou (jgou_at_ntr.es)
Date: 05/21/04 

Date: Fri, 21 May 2004 18:53:38 +0200

Hello,

I'm developing an installer to install a service in a computer.
I have to write on "local machine" in registry and extract some files on
file
system and do other things that know are not important.

This service must let to be installed by administrator or restricted users
after they write the administrator password of the computer. Setup goes well
wirth administrator users, but I have some problems with restricted users.

I get an administrator user with LogonUser and then with
ImpersonateLoggedOnUser
the process privileges are administrator privileges. So, I think that I
could write
on "local machine" and extract files on restricted folders (like "program
files").
Is it true?

I get write on "local machine" but I can't write on "program files" folder.
The
code of the change of privileges is shown bellow.

Could anybody know how access to restricted folder changing the privileges
to admin privileges?

Thanks at all

Jordi

...

if (!RevertToSelf())
{
 if (bDebugMode) Log(TEXT("ActionsUserAuth: Revert To Self"));
 return false;
}

// Get the current process token handle...
if( !OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES |
TOKEN_QUERY, &hToken ))
 return false;

SetPrivilege(hToken, SE_CREATE_TOKEN_NAME, true);
SetPrivilege(hToken, SE_ASSIGNPRIMARYTOKEN_NAME, true);
SetPrivilege(hToken, SE_LOCK_MEMORY_NAME, true);
SetPrivilege(hToken, SE_INCREASE_QUOTA_NAME, true);
SetPrivilege(hToken, SE_UNSOLICITED_INPUT_NAME, true);
SetPrivilege(hToken, SE_MACHINE_ACCOUNT_NAME, true);
SetPrivilege(hToken, SE_TCB_NAME, true);
SetPrivilege(hToken, SE_SECURITY_NAME, true);
SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, true);
SetPrivilege(hToken, SE_LOAD_DRIVER_NAME, true);
SetPrivilege(hToken, SE_SYSTEM_PROFILE_NAME, true);
SetPrivilege(hToken, SE_SYSTEMTIME_NAME, true);
SetPrivilege(hToken, SE_PROF_SINGLE_PROCESS_NAME, true);
SetPrivilege(hToken, SE_INC_BASE_PRIORITY_NAME, true);
SetPrivilege(hToken, SE_CREATE_PAGEFILE_NAME, true);
SetPrivilege(hToken, SE_CREATE_PERMANENT_NAME, true);
SetPrivilege(hToken, SE_BACKUP_NAME, true);
SetPrivilege(hToken, SE_RESTORE_NAME, true);
SetPrivilege(hToken, SE_SHUTDOWN_NAME, true);
SetPrivilege(hToken, SE_DEBUG_NAME, true);
SetPrivilege(hToken, SE_AUDIT_NAME, true);
SetPrivilege(hToken, SE_SYSTEM_ENVIRONMENT_NAME, true);
SetPrivilege(hToken, SE_CHANGE_NOTIFY_NAME, true);
SetPrivilege(hToken, SE_REMOTE_SHUTDOWN_NAME, true);
SetPrivilege(hToken, SE_UNDOCK_NAME, true);
SetPrivilege(hToken, SE_SYNC_AGENT_NAME, true);
SetPrivilege(hToken, SE_ENABLE_DELEGATION_NAME, true);
SetPrivilege(hToken, SE_MANAGE_VOLUME_NAME, true);
SetPrivilege(hToken, TEXT("SeInteractiveLogonRight"), true);

if (LogonUser(szUsername, szDomain, szPassword, LOGON32_LOGON_INTERACTIVE,
    LOGON32_PROVIDER_DEFAULT, &hAdminUser))
 bUserAuth = true;
else
 bUserAuth = false;

SetPrivilege(hAdminUser, SE_CREATE_TOKEN_NAME, true);
SetPrivilege(hAdminUser, SE_ASSIGNPRIMARYTOKEN_NAME, true);
SetPrivilege(hAdminUser, SE_LOCK_MEMORY_NAME, true);
SetPrivilege(hAdminUser, SE_INCREASE_QUOTA_NAME, true);
SetPrivilege(hAdminUser, SE_UNSOLICITED_INPUT_NAME, true);
SetPrivilege(hAdminUser, SE_MACHINE_ACCOUNT_NAME, true);
SetPrivilege(hAdminUser, SE_TCB_NAME, true);
SetPrivilege(hAdminUser, SE_SECURITY_NAME, true);
SetPrivilege(hAdminUser, SE_TAKE_OWNERSHIP_NAME, true);
SetPrivilege(hAdminUser, SE_LOAD_DRIVER_NAME, true);
SetPrivilege(hAdminUser, SE_SYSTEM_PROFILE_NAME, true);
SetPrivilege(hAdminUser, SE_SYSTEMTIME_NAME, true);
SetPrivilege(hAdminUser, SE_PROF_SINGLE_PROCESS_NAME, true);
SetPrivilege(hAdminUser, SE_INC_BASE_PRIORITY_NAME, true);
SetPrivilege(hAdminUser, SE_CREATE_PAGEFILE_NAME, true);
SetPrivilege(hAdminUser, SE_CREATE_PERMANENT_NAME, true);
SetPrivilege(hAdminUser, SE_BACKUP_NAME, true);
SetPrivilege(hAdminUser, SE_RESTORE_NAME, true);
SetPrivilege(hAdminUser, SE_SHUTDOWN_NAME, true);
SetPrivilege(hAdminUser, SE_DEBUG_NAME, true);
SetPrivilege(hAdminUser, SE_AUDIT_NAME, true);
SetPrivilege(hAdminUser, SE_SYSTEM_ENVIRONMENT_NAME, true);
SetPrivilege(hAdminUser, SE_CHANGE_NOTIFY_NAME, true);
SetPrivilege(hAdminUser, SE_REMOTE_SHUTDOWN_NAME, true);
SetPrivilege(hAdminUser, SE_UNDOCK_NAME, true);
SetPrivilege(hAdminUser, SE_SYNC_AGENT_NAME, true);
SetPrivilege(hAdminUser, SE_ENABLE_DELEGATION_NAME, true);
SetPrivilege(hAdminUser, SE_MANAGE_VOLUME_NAME, true);
SetPrivilege(hAdminUser, TEXT("SeInteractiveLogonRight"), true);

if (!ImpersonateLoggedOnUser(hAdminUser))
 MessageBox(NULL, TEXT("Inpersonate Error"), TEXT(""), MB_OK);

CloseHandle(hAdminUser);

...

Relevant Pages

  • Re: Error code 0x8007F004. Win2K update install
    ... Mentioned elsewhere are notes to verify the "Backup" and "Restore" privileges for the User are set for the Administrator, ... my re-build of Win2k on my ThinkPad. ... One possible fix is to install/re-install the latest BITS and Windows Installer supporting updates. ...
    (microsoft.public.windowsupdate)
  • Re: How effective is a router as a firewall?
    ... > machine to attacks that can utilize your elevated security context. ... this from to be secure - I control the firewall, the IDS, the Anti-Virus ... > privileges only when you need to. ... even spell Administrator let alone know what to do about privileges. ...
    (comp.security.firewalls)
  • Re: How effective is a router as a firewall?
    ... A lot of things can be done internally with admin privileges without too ... others resources when you are dealing with the internet environment. ... additional security features of newer OS versions (when there are other ... > even spell Administrator let alone know what to do about privileges. ...
    (comp.security.firewalls)
  • Re: Quick: Where is the equivalent of the Display control panel in Vista?
    ... didn't understand how UAC works. ... That would imply the installer has to be Vista-aware. ... Administrator, and everything goes fine. ... Visual Studio 2005 requires a FULL set of administrative priviledges to ...
    (comp.sys.mac.advocacy)
  • Re: A few conceptual questions for the experts...
    ... > role-based security model. ... > specific privileges and then add users to those roles. ... a user password field could be exposed to an administrator ... > user to modify the same password field in the DB. ...
    (microsoft.public.dotnet.languages.csharp)
Loading