From: Bill Holt on
Hi,

I have a C++ project that splits into three parts. A desktop program (medium
integrity), a service application (SYSTEM account), and an asynchronous
pluggable protocol (low integrity).

The desktop program contains a named pipe server, created in the following
manner:
TCHAR LOW_INTEGRITY_SDDL_SACL_W[] = L"S:(ML;;NW;;;LW)";
CDacl dacl;
dacl.AddAllowedAce (Sids::World (), GENERIC_ALL);
CSecurityDesc sd;
sd.SetDacl (dacl);
sd.FromString(LOW_INTEGRITY_SDDL_SACL_W);
CSecurityAttributes sa;
sa.Set (sd, true);
HANDLE hServerPipe = CreateNamedPipe (m_szServerName,
                PIPE_ACCESS_DUPLEX|FILE_FLAG_OVERLAPPED|WRITE_DAC,
                PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, PIPE_UNLIMITED_INSTANCES,
                g_nPipeBufferSize, g_nPipeBufferSize, NMPWAIT_USE_DEFAULT_WAIT, &sa);

The low integrity security setting allows the asynchronous pluggable
protocol to access the pipe in Windows Vista IE7 protected mode. So far,
this part works okay.

The service application also has a pipe server created using the exact same
code. However, the desktop program cannot connect to that pipe. CreateFile
fails with access denied (5). It's the same even when I run the desktop
program as administrator.

I think there is some security stuff I'm missing here. How do I allow access
from a medium integrity application from a service application named pipe?

Thanks in advance,
--
Best regards,
Bill Holt

From: DaveMo on
On Jul 2, 8:55 pm, "Bill Holt" <mailbill(NOSPAM)@21cn.com.nospam>
wrote:
> Hi,
>
> I have a C++ project that splits into three parts. A desktop program (medium
> integrity), a service application (SYSTEM account), and an asynchronous
> pluggable protocol (low integrity).
>
> The desktop program contains a named pipe server, created in the following
> manner:
> TCHAR LOW_INTEGRITY_SDDL_SACL_W[] = L"S:(ML;;NW;;;LW)";
> CDacl dacl;
> dacl.AddAllowedAce (Sids::World (), GENERIC_ALL);
> CSecurityDesc sd;
> sd.SetDacl (dacl);
> sd.FromString(LOW_INTEGRITY_SDDL_SACL_W);
> CSecurityAttributes sa;
> sa.Set (sd, true);
> HANDLE hServerPipe = CreateNamedPipe (m_szServerName,
>                 PIPE_ACCESS_DUPLEX|FILE_FLAG_OVERLAPPED|WRITE_DAC,
>                 PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, PIPE_UNLIMITED_INSTANCES,
>                 g_nPipeBufferSize, g_nPipeBufferSize, NMPWAIT_USE_DEFAULT_WAIT, &sa);
>
> The low integrity security setting allows the asynchronous pluggable
> protocol to access the pipe in Windows Vista IE7 protected mode. So far,
> this part works okay.
>
> The service application also has a pipe server created using the exact same
> code. However, the desktop program cannot connect to that pipe. CreateFile
> fails with access denied (5). It's the same even when I run the desktop
> program as administrator.
>
> I think there is some security stuff I'm missing here. How do I allow access
> from a medium integrity application from a service application named pipe?
>
> Thanks in advance,
> --
> Best regards,
> Bill Holt

Hello Bill,

I try to avoid the string-format SD stuff like the plague, so there
may be a problem there that I'm not familiar with. Assuming all of
that is ok, there might be a problem if you are using the same code to
access the pipe from your app. GENERIC_ALL does not, I believe,
include WRITE_DAC. You should make sure that the client app for the
pipe only uses the specific permissions it needs to actually use the
pipe - READ and WRITE.

HTH,
Dave
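
The SDDL string in the question can be checked mechanically before it is handed to the pipe. The following is an added example, not code from either poster: portable C++ that reports whether a string carries a D: (DACL) component, which integrity level its ML ACE names, and whether Everyone is granted GA, WD (WRITE_DAC) or WO (WRITE_OWNER). The names SddlSummary, summarize_sddl and split_fields are assumptions of this example.

```cpp
#include <map>
#include <string>
#include <vector>

// What matters in an SDDL string for a pipe shared across integrity levels.
struct SddlSummary {
    bool has_dacl = false;              // a "D:" component is present
    std::string label;                  // integrity level named by an ML ACE, if any
    std::vector<std::string> findings;  // notes for review
};

// Split "a;b;c" on ';', keeping empty fields.
static std::vector<std::string> split_fields(const std::string& s) {
    std::vector<std::string> out(1);
    for (char c : s) { if (c == ';') out.emplace_back(); else out.back() += c; }
    return out;
}

SddlSummary summarize_sddl(const std::string& sddl) {
    static const std::map<std::string, std::string> levels = {
        {"LW", "low"}, {"ME", "medium"}, {"HI", "high"}, {"SI", "system"}};
    SddlSummary r;
    char section = 0;
    for (size_t i = 0; i < sddl.size(); ++i) {
        if (i + 1 < sddl.size() && sddl[i + 1] == ':') {   // "O:", "G:", "D:" or "S:"
            section = sddl[i];
            if (section == 'D') r.has_dacl = true;
            ++i;
            continue;
        }
        if (sddl[i] != '(') continue;                       // owner/group SIDs, control flags
        size_t end = sddl.find(')', i);
        if (end == std::string::npos) break;
        // ACE layout: (type;flags;rights;object_guid;inherit_object_guid;sid)
        std::vector<std::string> f = split_fields(sddl.substr(i + 1, end - i - 1));
        i = end;
        if (f.size() != 6) continue;
        if (section == 'S' && f[0] == "ML") {
            auto it = levels.find(f[5]);
            r.label = (it != levels.end()) ? it->second : f[5];
        }
        // Rights are two-letter codes: WD here is WRITE_DAC, in the SID field it is Everyone.
        if (section == 'D' && f[0] == "A" && f[5] == "WD")
            for (size_t k = 0; k + 1 < f[2].size(); k += 2) {
                std::string right = f[2].substr(k, 2);
                if (right == "GA" || right == "WD" || right == "WO")
                    r.findings.push_back("Everyone is granted " + right);
            }
    }
    if (!r.has_dacl) r.findings.push_back("no D: component, so the string defines no DACL");
    return r;
}
```

Run on the string from the question, S:(ML;;NW;;;LW), it reports a low label and no D: component. A constructed string such as D:(A;;GRGW;;;WD)S:(ML;;NW;;;LW) carries both parts and produces no findings.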