Monday, January 14, 2008

A side note on the C# class I recently posted...

You need to be aware that some processes, such as internet explorer (iexplore.exe) will detect the privilege level at which they are launched and potentially relaunch themselves with different privileges (usually when a higher privileged process launches a process into the session of a user with lower default process privileges), therefore if you are tracking the created process id from the class I provided beware of this issue as the instance of (using iexplore.exe as an example) internet explorer you have created will self-terminate after launching another instance of itself.

When I get the chance I'll add a method to the class that overloads the current one for launching processes as a user which will accept an 'integrity level' in order to alleviate this issue. It isn't much of an issue currently; however, I'm not comfortable with processes running in user space with higher than default integrity levels. You would think this is a security issue but in actuality it appears to only effect iexplore.exe (I'm sure there must be something else that has this problem as well) because the DACLs and SACLs and process tokens security levels all match the user being impersonated so there's no apparent issue with a fear of security elevation (but you never know.)

2 comments: