By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,175 Members | 1,689 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,175 IT Pros & Developers. It's quick & easy.

Anyone know how to start a process with low integrity from a process with higher integrity?

P: n/a
WTH
I ask because I've got a windows service I've written that manages failover
and replication for our products (or even 3rd party applications) and it
worked great right until I tested it (for ease of testing purposes) with
Internet Explorer (iexplore.exe) - I was testing handling argument list
buffer overflows.

What I found with iexplore.exe is that because my windows service is running
with high privileges (due to running under the local system account) and it
was using CreateProcessAsUser to launch the browser into the logged in user
session (so the user could see the UI), explorer was detecting this as a
security violation (a high integrity process running in a low integrity user
session) and it was spawning a low integrity iexplore.exe process on its own
and the original iexplore.exe was terminating immediately (I am aware of
this because my service tracks the process IDs of the processes it creates
for failover purposes and these IDs do not match those of iexplore.exe for
more than a few tens of milliseconds.)

This isn't a big deal except that it enlightened me that I should not be
launching processes in a low integrity environment with my service's high
integrity security descriptor (I use the default.)

Anyone out there know how to create a low integrity security descriptor?

I've tried ConvertStringSecurityDescriptorToSecurityDescripto rW using
"S:(ML;;NW;;;LW)" (which I believe means 'low integrity please') but it does
not appear to make any difference. iexplore.exe is still re-launching
itself.

Knowing .NET (I'm from a C++ background) there's a much smarter way to do
this, any pointers?

Thanks,

WTH:)

Jan 11 '08 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.