Security issues when launching processes from a WMI provider. RRS feed

  • Question

  • Our server configuration program is based on WMI (we have our own WMI providers written in C++).

    We create directories, registry entries and launch other programs. An example of a task that fails on Vista is to extract files with cabarc.exe.

    Creating directories directly from the provider code with ::CreateDirectory(...) works fine (this is under \Program Files). When cabarc is started, it is supposed to extract some files in the same directory, but this fails. Cabarc is started, but when I watch in Sysinternals File Monitor, I see a "ACCESS DENIED" when cabarc tries to create the first file. The process is launched with CreateProcess, but I've also tried ShellExecuteEx. When using CreateProcess, GetLastError returns 1813 "The specified resource type cannot be found in the image file."

    It works by changing the Windows Management Instrumentation service to run as LocalSystem instead of Network Service or giving Network Service write access to the directory, but that is not a sollution.

    Does anyone know why it works to create files and folders directly from the code, but fails when a program launched from that code tries do create a directory?


    Thursday, March 8, 2007 9:16 PM