469,658 Members | 1,791 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,658 developers. It's quick & easy.

Anyone know how to start a process with low integrity from a process with higher integrity?

I ask because I've got a windows service I've written that manages failover
and replication for our products (or even 3rd party applications) and it
worked great right until I tested it (for ease of testing purposes) with
Internet Explorer (iexplore.exe) - I was testing handling argument list
buffer overflows.

What I found with iexplore.exe is that because my windows service is running
with high privileges (due to running under the local system account) and it
was using CreateProcessAsUser to launch the browser into the logged in user
session (so the user could see the UI), explorer was detecting this as a
security violation (a high integrity process running in a low integrity user
session) and it was spawning a low integrity iexplore.exe process on its own
and the original iexplore.exe was terminating immediately (I am aware of
this because my service tracks the process IDs of the processes it creates
for failover purposes and these IDs do not match those of iexplore.exe for
more than a few tens of milliseconds.)

This isn't a big deal except that it enlightened me that I should not be
launching processes in a low integrity environment with my service's high
integrity security descriptor (I use the default.)

Anyone out there know how to create a low integrity security descriptor?

I've tried ConvertStringSecurityDescriptorToSecurityDescripto rW using
"S:(ML;;NW;;;LW)" (which I believe means 'low integrity please') but it does
not appear to make any difference. iexplore.exe is still re-launching

Knowing .NET (I'm from a C++ background) there's a much smarter way to do
this, any pointers?



Jan 11 '08 #1
0 1630

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

15 posts views Thread by Brandon J. Van Every | last post: by
5 posts views Thread by tony | last post: by
169 posts views Thread by JohnQ | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.