Access denied errors using events in Vista

  • Question

  • We have an application that runs fine under XP & Win 2K. The application runs at startup and creates a global event (Global\RS_EVENT) and several threads wait for this event.  A browser help object (BHO) opens the event and pulses it when it needs something from one of the threads.

    Using the process analyzer, our application runs at medium integrity. The browser runs at low integrity. We can create the event with no problem but the BHO gets an access denied error (5) when it tries to open the event.  If we run IE as an admin, the BHO can open the event even though it gets a 12006 error (ERROR_INTERNET_UNRECOGNIZED_SCHEME).  This error does not make any sense to us. Does anybody know what the 12006 error really means?

    We have tried using an empty DACL and SACL as described in "Writing to Global Shared memory from an application" in this thread (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=748596&SiteID=1) without success.  Does anybody know what the security descriptor string "S:(ML;;NW;;;LW)" means? We cannot find it in the online documentation.

    If anyone has any thoughts on how our BHO can access the event created by our application without running IE as an administrator, please let us know.

    Many thanks.



    Tuesday, February 20, 2007 2:55 PM

All replies

  • One remark first: does this event really have to be global?
    It doesn't look like a per machine event. With Fast User Switching becoming more and more popular, it doesn't seem right that it's shared for all users.
    Without Global\, that event would become a session event.

    With regards to ERROR_INTERNET_UNRECOGNIZED_SCHEME: do you mean that OpenEvent succeeds but GetLastError() returns this, or that a subsequent operation on the returned handle fails with that error?

    In any case, if you need "write" access to the event (and you do if you want to pulse) from the low integrity subject, the creator of the object needs to lower the object's integrity level. That's what S:(ML;;NW;;;LW) does (a Mandatory Label allowing write all the way down to low integrity subjects).

    Wednesday, February 21, 2007 2:47 AM
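
An added example, not code from any poster in this thread: a small decoder for the mandatory-label ACE in an SDDL string such as `S:(ML;;NW;;;LW)`, plus the write-up check it drives. The function names are hypothetical; the alias and policy tables follow Windows' documented SDDL codes, and only two-letter policy codes (not hex masks) are handled.

```python
import re

# Mandatory-label policy codes in the ACE rights field: (meaning, mask bit).
POLICY = {"NW": ("no-write-up", 0x1), "NR": ("no-read-up", 0x2),
          "NX": ("no-execute-up", 0x4)}
# Integrity-level SID aliases: (name, SID, RID used to order the levels).
LEVEL = {"LW": ("low", "S-1-16-4096", 0x1000),
         "ME": ("medium", "S-1-16-8192", 0x2000),
         "HI": ("high", "S-1-16-12288", 0x3000),
         "SI": ("system", "S-1-16-16384", 0x4000)}
# An object with no label ACE is treated as medium integrity, no-write-up.
DEFAULT_LABEL = {"level": "medium", "sid": "S-1-16-8192", "rid": 0x2000,
                 "policy": ["no-write-up"], "mask": 0x1}

def parse_label(sddl):
    """Return the mandatory label found in the SACL, or the default label."""
    sacl = re.search(r"S:[A-Z]*((?:\([^)]*\))+)", sddl)
    for ace in re.findall(r"\(([^)]*)\)", sacl.group(1) if sacl else ""):
        # ACE layout: type;flags;rights;object_guid;inherit_guid;account_sid
        fields = ace.split(";")
        if len(fields) >= 6 and fields[0] == "ML":
            codes = re.findall("..", fields[2])
            name, sid, rid = LEVEL[fields[5]]
            return {"level": name, "sid": sid, "rid": rid,
                    "policy": [POLICY[c][0] for c in codes],
                    "mask": sum(POLICY[c][1] for c in codes)}
    return dict(DEFAULT_LABEL)

def integrity_allows_write(subject_rid, label):
    """Mandatory integrity check only; the DACL must still grant the access."""
    return not (label["mask"] & 0x1) or subject_rid >= label["rid"]

if __name__ == "__main__":
    low_ie = LEVEL["LW"][2]  # protected-mode IE (and its BHO) runs at low
    # Constructed inputs: the thread's label string, and a DACL-only descriptor.
    for sddl in ("S:(ML;;NW;;;LW)", "D:(A;;GA;;;WD)"):
        label = parse_label(sddl)
        print(sddl, "->", label["level"], label["policy"],
              "low writer allowed:", integrity_allows_write(low_ie, label))
```

The second input shows why a permissive DACL alone does not help: without a label ACE the event stays at medium, so a low-integrity opener is refused write access before the DACL is considered.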
  • Thanks.

    Good point on the Global namespace.  One of the things we have QA testing is the fast user switching to see if that is going to be an issue. We need to try it w/o Global\.

    The ERROR_INTERNET_UNRECOGNIZED_SCHEME comes from GetLastError() right after the OpenEvent call.

    Friday, March 2, 2007 2:31 PM
  • If OpenEvent succeeds, GetLastError is likely a leftover from a previous API call.
    There's a good chance you'll get the same error right before the call.

    Monday, March 12, 2007 12:24 AM