Allowing PROCESS_DUP_HANDLE from elevated to non-elevated process

  • Question

  • I have a scenario in which a process B invokes an action in process A, and then needs to wait for the action to complete. The way this used to work pre-Vista was:

    • Process B sets WORLD access to allow PROCESS_DUP_HANDLE on itself.
    • Process B sends the request along with its process ID to process A in a shared memory buffer, and signals an event.
    • Process A receives the request, and uses the provided process ID to open a process handle with PROCESS_DUP_HANDLE access to process B.
    • Process A starts the requested action in a separate thread, duplicates the thread handle to Process B, and stores the handle in the shared memory buffer.
    • Process A signals an event for process B indicating that the action has started processing in the provided thread.
    • Process B waits on the provided thread handle, now valid in its process.

    The problem is that if Process B is elevated, and Process A is not, A is not allowed to open B with PROCESS_DUP_HANDLE, even though I have tried to explicitly allow this with SetSecurityInfo. I have tried with a DACL giving WORLD the required permissions, and even with a null DACL - to no avail.

     

    Process A (the non-elevated server process) is not allowed to open the handle to Process B with PROCESS_DUP_HANDLE.

     

    I'm sure this is part of the increased 'security' in Windows Vista - but while I'm trying to sort through the extensive, well-structured and complete documentation on these issues, perhaps someone out there knows how to do this?

    Friday, January 25, 2008 2:53 PM

All replies

  • Did you find a solution to this problem??
    I have the exact same problem and am not managing to solve it...
    Friday, February 20, 2015 7:17 PM
  • The reason it is not working is that you have to consider integrity level.  The elevated process is running at high integrity level.  The non-elevated process is running at a medium integrity level.  You cannot access a secured object from a medium -> high level.

    You'll need to modify the integrity level of the process handle and lower it to medium for this to work.

    Take a look at the following link: https://msdn.microsoft.com/en-us/library/bb625960.aspx

    Take a look at the code sample in the link (SetLowLabelToFile).  I've also included it below modified to work with a process instead of a file. 

        #include <windows.h>
        #include <sddl.h>
        #include <AccCtrl.h>
        #include <Aclapi.h>

        // The LABEL_SECURITY_INFORMATION SDDL SACL to be set for medium integrity.
        // "ME" is the SDDL alias for the medium mandatory level; "MW" is not a
        // defined SID alias.
        #define LOW_INTEGRITY_SDDL_SACL_W L"S:(ML;;NW;;;ME)"

        void SetLowLabelToProcess()
        {
            DWORD dwErr = ERROR_SUCCESS;
            PSECURITY_DESCRIPTOR pSD = NULL;
            PACL pSacl = NULL; // not allocated
            BOOL fSaclPresent = FALSE;
            BOOL fSaclDefaulted = FALSE;

            // get a handle to the process; the current process is assumed here
            // (the elevated process relabelling itself)
            HANDLE hProcess = GetCurrentProcess();

            if (ConvertStringSecurityDescriptorToSecurityDescriptorW(
                    LOW_INTEGRITY_SDDL_SACL_W, SDDL_REVISION_1, &pSD, NULL))
            {
                if (GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl,
                                              &fSaclDefaulted))
                {
                    // Note that psidOwner, psidGroup, and pDacl are
                    // all NULL and set the new LABEL_SECURITY_INFORMATION
                    dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
                                            LABEL_SECURITY_INFORMATION,
                                            NULL, NULL, NULL, pSacl);
                }
                LocalFree(pSD);
            }
        }

    thanks

    Frank K [MSFT]

    Follow us on Twitter, www.twitter.com/WindowsSDK

    Wednesday, February 25, 2015 1:50 AM
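
Added example (not from the thread or from Microsoft's sample): a small Python parser for single-ACE mandatory-label SDDL strings like the one in the reply, plus the integrity comparison the reply describes, showing why a permissive or null DACL does not help. It models only the label check and assumes the requested right is treated as write access (as the reply's NW label implies for PROCESS_DUP_HANDLE); the function names and sample strings are constructed for illustration.

```python
import re

# SDDL aliases for integrity-level SIDs (S-1-16-<RID>).
INTEGRITY_SIDS = {
    "LW": ("low", 0x1000),
    "ME": ("medium", 0x2000),
    "HI": ("high", 0x3000),
    "SI": ("system", 0x4000),
}
# Mandatory-label policy flags carried in the ACE's rights field:
# no-write-up, no-read-up, no-execute-up.
POLICY_FLAGS = {"NW": 0x1, "NR": 0x2, "NX": 0x4}

# S:(ML;<ace flags>;<policy>;;;<integrity SID alias>)
LABEL_RE = re.compile(r"^S:\(ML;([^;]*);([^;]*);;;([^;)]+)\)$")


def parse_label(sddl):
    """Parse a single-ACE mandatory-label SACL such as S:(ML;;NW;;;ME)."""
    m = LABEL_RE.match(sddl)
    if not m:
        raise ValueError(f"not a single mandatory-label SACL: {sddl!r}")
    _ace_flags, rights, sid = m.groups()
    if sid not in INTEGRITY_SIDS:
        raise ValueError(f"unknown integrity SID alias: {sid!r}")
    if len(rights) % 2:
        raise ValueError(f"malformed policy field: {rights!r}")
    policy = 0
    for i in range(0, len(rights), 2):
        flag = rights[i:i + 2]
        if flag not in POLICY_FLAGS:
            raise ValueError(f"unknown policy flag: {flag!r}")
        policy |= POLICY_FLAGS[flag]
    name, rid = INTEGRITY_SIDS[sid]
    return {"level": name, "rid": rid, "policy": policy}


def write_up_blocked(caller_rid, label):
    """True when the label check refuses write access; the DACL is never consulted."""
    return caller_rid < label["rid"] and bool(label["policy"] & POLICY_FLAGS["NW"])


if __name__ == "__main__":
    medium_caller = INTEGRITY_SIDS["ME"][1]        # non-elevated process A
    # Constructed sample labels for process B before and after relabelling.
    for sddl in ("S:(ML;;NWNR;;;HI)", "S:(ML;;NW;;;ME)"):
        label = parse_label(sddl)
        print(sddl, label["level"], "blocked:", write_up_blocked(medium_caller, label))
```
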