Lowering resource Integrity Level

  • Question

  • Hi, I'm working on a Single Sign On app, and I need to communicate a BHO with its controller app; I'm using a memory-mapped file for that.

    If the BHO is the one who creates the mapped file, everything works fine (The mapped file is LI)

    If the controller app creates the mapped file, the BHO fails to open the mapped file (The Mapped file is MI )

    So I decided to lower the mapped file integrity using the code provided by MS in the paper "Understanding and working in protected mode internet explorer".

    But that code doesn't work, and I have seen in this forum that a lot of people are having problems with that code, and I can't find any documentation about this on MSDN.

    In summary: How can I lower a resource integrity level?

    Can someone help me or give me a hint?

    Here is the code I'm using to create the mapped file and lower its integrity level:

    Notice that I replaced the values SDDL_REVISION_1 with 1 and LABEL_SECURITY_INFORMATION with 0x00000010L because I can't find where they are defined.

    Thanks in advance

    HANDLE m_hMapVars = CreateFileMapping(INVALID_HANDLE_VALUE,
                                       NULL, //&sa,
                                       PAGE_READWRITE,
                                       0,
                                       1024,
                                       "F31B3896-3455-4d0d-1234-2389346239874");

    // Generate the security descriptor

        #define LOW_INTEGRITY_SDDL_SACL "S:(ML;;NW;;;LW)"
        PSECURITY_DESCRIPTOR pSd = NULL;
        PACL pSacl = NULL;
        BOOL fSaclPresent = FALSE;
        BOOL fSaclDefaulted = FALSE;
       
        if(ConvertStringSecurityDescriptorToSecurityDescriptor(LOW_INTEGRITY_SDDL_SACL, 1, &pSd , NULL)) {
       
            if(GetSecurityDescriptorSacl(pSd, &fSaclPresent, &pSacl, &fSaclDefaulted)) {

                if(ERROR_SUCCESS != SetSecurityInfo(m_hMapVars, SE_FILE_OBJECT, 0x00000010L , NULL,NULL,NULL, pSacl))
                    MessageBox("setSecurityInfo", NULL,NULL);
            }
            LocalFree(pSd); // free the descriptor allocated by the conversion call
        }

    Tuesday, April 10, 2007 3:47 PM

Answers

  • Michael Dunn from thecodeproject told me to use SE_KERNEL_OBJECT instead of SE_FILE_OBJECT, and that solved the problem a few weeks ago.
    Thursday, May 24, 2007 12:20 PM
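
To make the label string in the question concrete, the following added example (not code from the thread or from the Microsoft paper) decodes a single mandatory-label SACL such as "S:(ML;;NW;;;LW)" and models the no-write-up decision that blocks the low-integrity BHO from the medium-integrity mapping. The names parse_label_sddl and write_allowed are hypothetical, the parser handles token rights only (no hex masks), and the access check is a simplified model.

```c
#include <string.h>

struct label_ace {
    unsigned rid;   /* integrity level: last subauthority of S-1-16-<rid> */
    unsigned mask;  /* 0x1 no-write-up, 0x2 no-read-up, 0x4 no-execute-up */
};

/* Parse a SACL holding exactly one label ACE: S:(ML;flags;rights;;;sid).
   Returns 0 on success, -1 for any other string. */
int parse_label_sddl(const char *sddl, struct label_ace *out)
{
    char f[6][16];                  /* type;flags;rights;guid;guid;sid */
    const char *p;
    size_t len, i;
    int n = 0;

    if (strncmp(sddl, "S:(", 3) != 0) return -1;
    for (p = sddl + 3; ; p++) {     /* p++ skips the ';' between fields */
        len = strcspn(p, ";)");
        if (n == 6 || len >= sizeof f[0]) return -1;
        memcpy(f[n], p, len);
        f[n++][len] = '\0';
        p += len;
        if (*p != ';') break;
    }
    if (n != 6 || strcmp(p, ")") != 0 || strcmp(f[0], "ML") != 0) return -1;
    if (f[3][0] || f[4][0] || strlen(f[2]) % 2) return -1;
    out->mask = 0;
    for (i = 0; f[2][i]; i += 2) {  /* rights are two-letter tokens */
        if      (!strncmp(f[2] + i, "NW", 2)) out->mask |= 0x1;
        else if (!strncmp(f[2] + i, "NR", 2)) out->mask |= 0x2;
        else if (!strncmp(f[2] + i, "NX", 2)) out->mask |= 0x4;
        else return -1;
    }
    if      (!strcmp(f[5], "LW")) out->rid = 0x1000;  /* low */
    else if (!strcmp(f[5], "ME")) out->rid = 0x2000;  /* medium */
    else if (!strcmp(f[5], "HI")) out->rid = 0x3000;  /* high */
    else if (!strcmp(f[5], "SI")) out->rid = 0x4000;  /* system */
    else return -1;
    return 0;
}

/* Simplified model of the no-write-up policy: a subject below the object's
   level is denied write access when the label sets no-write-up. */
int write_allowed(unsigned subject_rid, const struct label_ace *obj)
{
    return subject_rid >= obj->rid || !(obj->mask & 0x1);
}
```

With the "LW" label a low-integrity caller (RID 0x1000) passes the write check; with "ME" it does not, which matches the behaviour described for the mapping created by the controller app.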