On Tue, 15 May 2007 13:15:19 -0700, Jeff Williams
<je*******************@hardsoft.com.au> wrote:

> I am developing an application which will allow users (students) to run
> applications on PCs with elevated rights. This is necessary for some
> applications which require Administrator rights on the PC.

I've got to say, this sounds like a really bad idea to me, especially if
you think you cannot trust the students with the actual username and
password. If you provide any mechanism for the student to elevate his
privileges, you open the computer to attack. The student himself may find
a way to hijack the privilege elevation, or it could just be that the
process itself allows for privilege elevation by some malware or something.

There should be *no* application that isn't specifically involved with
administrating the computer that requires Administrator rights. For the
badly written software out there that does insist on doing things that
only Administrators are allowed to do, there are other ways around that.
In XP, this generally involves changing permissions for specific system
resources, but my understanding is that in Vista the OS can virtualize
areas of the computer to allow an application without administrator rights
to still work, without actually making system-wide changes (the changes
wind up just local to the user running the application).

That said, I'll attempt to offer what little I do know (while continuing
to discourage you from doing what you want to do :) )...

> I now need to store the local administrator username and password
> somewhere where my application can read this from.
> I am looking for comments on:
> 1. Recommended place to store this data

You're talking about encrypting the data, so it seems to me you ought to
be able to store it wherever you like. In the user's user.config file,
for example.

> 2. How to encrypt the username and password

If I recall, there's a whole crypto namespace in .NET you could use for
something like that, including being able to keep strings encrypted in
memory to make it harder to capture the data.

> 3. Given that C# can be easily decompiled and read, the encryption could
> be obtained, so what protection could be given, if any? No, I don't want to
> use a third party app that encodes the C# exe or dll.

Well, IMHO one important thing to keep in mind is that if the user has
software capable of decrypting and using the data, and that software will
run within that user's privileges, then there will always be *some* way
for that user to get at the data. Now, perhaps you can make it so hard
for the user to do so that it's just not worth it to them, but you can't
prevent it altogether. #1 rule for computer security: anything you hand
over to the user is no longer secure, no matter what you do to it.

It's possible that you could set up some sort of service that deals only
in encrypted data, and which somehow uses encrypted data to provide the
necessary user token needed to elevate your privileges. But if you have
that, then I suspect it would be vulnerable to a man-in-the-middle attack
whereby your user emulates the system you've set up to obtain such a token
directly.

I'm no security expert, and there may be some approach that Vista and/or
built-in components for .NET provide that would allow you to save
privilege-elevation data in a way that allows the user to take advantage
of it, but only with applications you've approved. But even if you
accomplish that, you've still opened a security hole. IMHO, it's just
better to avoid the whole problem in the first place. Don't run software
that requires admin rights when it's not actually administrating the
computer, and/or address the issue through careful manipulation of the
security permissions for system resources rather than just granting blanket
admin privileges to the user (even if you think you can accomplish it in
what appears to be a limited way).

Pete
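
The point made in the reply under items 2 and 3, shown as an added example that is not part of the original post or of the application being discussed: a credential protected with the DPAPI wrapper `ProtectedData` in `System.Security.Cryptography` under `DataProtectionScope.CurrentUser` can be unprotected by any code running as that same user. The class name, entropy value and sample password are constructed; it assumes Windows and a reference to the assembly that provides `ProtectedData` (System.Security.dll on .NET Framework).

```csharp
// Added example, not from the original thread. Windows-only (DPAPI).
using System;
using System.Security.Cryptography;
using System.Text;

static class DpapiBoundaryDemo
{
    // Hypothetical "extra secret" compiled into the application. Anyone who
    // decompiles the assembly can read it, so it adds no real protection.
    static readonly byte[] AppEntropy = Encoding.UTF8.GetBytes("constructed-entropy");

    // What the launcher would do when the credential is saved.
    public static byte[] Store(string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try
        {
            // CurrentUser scope: the blob is bound to the logged-on user's profile.
            return ProtectedData.Protect(plain, AppEntropy, DataProtectionScope.CurrentUser);
        }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // What any other program started by the same user can do with that blob.
    public static string Recover(byte[] blob)
    {
        byte[] plain = ProtectedData.Unprotect(blob, AppEntropy, DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    static void Main()
    {
        byte[] blob = Store("constructed-admin-password"); // constructed sample value
        Console.WriteLine("Stored blob: {0} bytes of ciphertext", blob.Length);
        Console.WriteLine("Same-user code recovers: {0}", Recover(blob));
    }
}
```

The blob is unreadable to other accounts, but the student's own session is exactly where the launcher has to decrypt it, which is the limitation the reply describes.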