Create a folder with access granted only to the executing process. The process will delete the data when job is done.
The purpose is to avoid having any other process attempt to manipulate the data in the folder, while the owner process is running.
I already tried giving ACLs and it did not solve the purpose. Basically the current user gets the permission and so if any other process is running under the same user then the other process gets the permissions as well.
// I used the second parameter here to add ACLs
CreateDirectory(lpPath, &sa);
You are right, ACL are used to manage user permissions, not process permissions. It is easy in Windows to limit a file to a running process by opening it with CreateFile with a dwShareMode of 0.
But according to the MSDN page on CreateFile, it is possible to get a directory handle with that function if the dwFlagsAndAttributes parameter contains FILE_FLAG_BACKUP_SEMANTICS. Creation is not possible that way, but maybe keeping the directory open could prevent other processes to access it. Beware I have never tested that.
Anyway, I cannot imagine a real use case where it would be required. If you want to do that for security reasons, the correct way is to use a dedicated user. In addition it allows an administrator to control what happens in the directory. And if it is for synchronization reasons, you should rely on standard synchronization primitives
Related
I am very new to programming. I want to run a program with C++ which will prompt administrative permission to the user in windows. Is there any way to run another bunch of code if the permission is not granted??
system("setup.exe");//This will prompt administrative permission to the user. If permission is denied then I want to execute some other codes, for example, printif("Give administrative permission next time");
It is impossible to do for the already executing process. You can only start one more process (even if this is the same application). Another approach is to add appropriate application manifest which would force the runtime system to request the user for UAC elevation confirmation from the very beginning.
For the first approach, please see: CreateProcessAsUser function (Windows).
For the second (manifest) approach, please see, for example, this answer: C++ — How to run application with Admin privileges using Manifest file in Visual Studio 2005?.
Note that it is impossible to elevate the privileges without explicit user's consent. If it was possible, it would defeat the purpose of UAC. Please see: User Account Control — Wikipedia, the free encyclopedia.
As I told I am very new to programming. So U was trying different codes without knowing what actually they are supposed to do. So finally a simple code servrd my purpose though I dont know what actually happening there. The code is
if(system("setup.exe")){printf("Give administrative permission next time");}
Is it possible to select such a security descriptor using a DACL string such that the file can only be opened by a Windows Service, but not by an ordinary process, even if the process is run by the local Administrator account?
To clarify, I just need to make it reasonably hard for a non-technical user to open it in NotePad and tamper with it. It doesn't need to work against a programmer willing to dedicate a month of his life to reverse engineering and cracking it.
I prefer to achieve this using DACL instead of locking the file because then my windows service doesn't need to run all the time for the file to be protected.
Local administrator account = God (at least on the box). There's no way to do this.
You can define a special privileged account for your service to run under, and make the ACLs on the protected file only allow access by that user (and all machine admins). You can disallow interactive login using that service account.
If your primary concern is tampering by interactive users, you may need a policy whereby the local user does not run by default with local admin rights. Unfortunately you cannot allow 'partial' local admin rights - it's all or nothing.
I don't know enough about DACLs to say whether or how you can accomplish what you want with those. I can think of a couple things you can do to make it harder for someone to tamper with the file, in addition to restricting it to the local administrator account:
Have your service start automatically, and open the file immediately with no sharing options. As long as your service has it open, another process won't be able to open it.
Compute a hash of the file contents plus a salt hardcoded into your service and store it somewhere else, e.g., in another file, in the registry, or even online. Next time you open the file, verify the hash, which will tell you if someone tampered with the file since the last time you opened it.
These are not foolproof by any stretch, but it sounds like your goal is simply to make it harder. There's no foolproof method to stop a user with administrator privileges.
I need to do some registry operations & other system operations for that i need admin permission. currently user have to start my application as "Run as administrator".
so How could i launch my application with admin rights?
CreateProcessAsUser or CreateProcessWithLogonW is the main thing you need. For CreateProcessAsUser, you'll need to use a few other things to make it do its tricks though (e.g., AdjustTokenPrivileges to enable the privileges it uses, and LogonUser to get a user's token).
You can also use ShellExecuteEx() for this purpose. This routine expects a SHELLEXECUTEINFO structure to be passed to it. The relevant attribute of this structure is "lpverb" which has to be set to a value "runas". This will ensure that the task that is run with elevated priveleges.
The answers deal with starting it programatically, but if the program's entire purpose is to run as admin to make these changes, you can add an appropriate manifest to make Windows elevate for you.
If just part of your application needs admin access, look at COM elevation.
I have a problem I can't seem to find the answer to, though I am sure it is out there. Is there a way I can disable registry and file access for a newly-created process? I am using Job objects ( http://msdn.microsoft.com/en-us/library/windows/desktop/ms682409(v=vs.85).aspx ) and it says to set the permissions for each new job process, and in a few books I have read that things such as registry and file access can be controlled.
While looking for my answer I saw that I needed to add LUIDs for things such as SE_BACKUP_NAME and such (or whatever it is called) but none of those privilege constants seem to reflect the kind of control I want.. So my exact question is: How would I go about disabling registry/file write access for a newly created process in a Job?
I am trying to create a sandboxed-application, btw. This is so I can prevent it from making any changes to the registry or writing any files while it runs.
Any help would be appreciated!
Windows accesses many resources during process startup, so if you successfully disabled access to the filesystem and registry the process wouldn't start.
Ideally, you'd want access to be restricted after process initialization was complete, but Windows doesn't have a mechanism to do this for arbitrary processes. The sandbox in the Chrome browser relies on the cooperation of the sandboxed process.
The documentation for the Chrome sandbox has a nice overview of the various security mechanisms available in Windows and explains how they are used in Chrome. It's a nice solution if you are trying to sandbox your own code.
I don't think you can disable access outright as many susbsystems rely on it (COM, the shell, some DLL initialisation, debugging, etc) An alternative would be to allow access, but to a limited sandbox which can be done with the integrity system. Setting it to low integrity will block most write access and is used by protected mode IE.
Is it possible for a C++ application running on Windows to drop privileges at runtime?
For instance, if a user starts my application as Administrator, but there's no reason to run my application as administrator, can I in some way give up the Administrator-privileges?
In short, I would like to write code in the main() function which drops privileges I don't need (for instance, Write access on the Windows directory).
Yes, you can use AdjustTokenPrivileges to remove unneeded and dangerous privileges from your token. You can either disable if not immediately needed (the privilege can be enabled later) or remove a privilege from your token altogether.
You can also create a restricted token via CreateRestrictedToken and relaunch your application running with that restricted token. CreateRestrictedToken can be used to disable privileges and remove groups (like Administrators Group) from a token.
You may be able to use AdjustTokenGroups to remove the administrator group from the token of your running process, but I've never tried this on an already running process.
Note that write-access to the Windows directory is not covered by a privilege. Resources in the system have ACL's which govern who has access. System and administrators have write-access to the Windows directory.