privilege-elevation

Escalate Privilege at Runtime (Windows API C/C++)

て烟熏妆下的殇ゞ submitted on 2021-02-18 06:28:13
Question: My application does not always require "admin" privileges and most of the time would run as the current user. Is there any way I can escalate privs by throwing up a UAC at runtime after my program is already running? This will only happen as and when I need privs. Rather than having to start with high privs. I know the "runas" technique, manifest file etc. but all these are before the process is created and not at runtime, on-demand

Answer 1: Congratulations, that's exactly how UAC is designed to

Do I jeopardize security of the system if I start a logon user process with the SYSTEM user token?

不打扰是莪最后的温柔 submitted on 2019-12-25 07:49:17
Question: I'm curious from a security standpoint, how bad is it to do what I describe below? I need to launch an elevated process in an interactive logon user session from my local service. This process merely exists as a message-only GUI window, which is never visible to the user, and its class name is randomized every time the process starts. It speeds things up if I run this process with the user token of the local service as such: //Pseudo-code, error checks are omitted for brevity //This code is

Why do I need setuid(0) within a setuid-root C program that calls an administrative program with system()?

删除回忆录丶 submitted on 2019-12-23 07:12:30
Question: I had to do a dirty Linux hack for somebody so they could start a printer with the cupsenable printername shell command while being a non-root user. I didn't want them to be able to use the entirety of the cupsenable syntax as root, so I just wrote a C wrapper that sanitizes the input in argv[1] and calls system("cupsenable sanitizedprintername"). I made the program setuid root, but even so, cupsenable failed with "permission denied". Then I inserted a setuid(0) call before system() and, lo

Why do I need setuid(0) within a setuid-root C program that calls an administrative program with system()?

时光总嘲笑我的痴心妄想 submitted on 2019-12-23 07:11:17
Question: I had to do a dirty Linux hack for somebody so they could start a printer with the cupsenable printername shell command while being a non-root user. I didn't want them to be able to use the entirety of the cupsenable syntax as root, so I just wrote a C wrapper that sanitizes the input in argv[1] and calls system("cupsenable sanitizedprintername"). I made the program setuid root, but even so, cupsenable failed with "permission denied". Then I inserted a setuid(0) call before system() and, lo

Python - escalate privileges while running

不问归期 submitted on 2019-12-11 14:24:08
Question: I'm writing a small extendable server management console, and I'd like to run it as a separate user that is really limited in actions - for security, of course, actually, I see no better way to do this. When somebody enters that console and tries to make some action that requires root privileges, such as putting network interface down, he'd be asked for a sudo password to do so, then this password would be used for the system to check if user has right to sudo, then - to execute the command.

How to launch an elevated process in a logon user session from a local service?

让人想犯罪 __ submitted on 2019-12-11 02:01:15
Question: I need to launch an elevated process in an interactive logon user session from my local service. For that I use the code very similar to this one. But I'm not sure how to specify elevation in the user token returned by WTSQueryUserToken API, and to make it work on Windows XP and up?

Source: https://stackoverflow.com/questions/38429078/how-to-launch-an-elevated-process-in-a-logon-user-session-from-a-local-service

Removing Administrator Privileges from Process

倾然丶 夕夏残阳落幕 submitted on 2019-12-07 04:55:55
Question: With the help of this great MSDN article, my first idea was to simply check if the process is using an elevated Administrator group, and using AdjustTokenGroups() I would set the Administrator group to SE_GROUP_USE_FOR_DENY_ONLY. Unfortunately though, we can't modify the administrator group on the currently running process as it also has the SE_GROUP_MANDATORY attribute, which makes it ineligible for changing. The MSDN document has this to say about it: The AdjustTokenGroups function cannot

CreateProcessAsUser elevated privilege?

南笙酒味 submitted on 2019-12-06 09:28:52
Question: I'm getting an error with my CreateProcessAsUser function. It says "The requested operation requires elevation." I thought I had given it the highest privilege I could. Anyone help? Thanks. My code is as follows:

activeSessionId = WTSGetActiveConsoleSessionId(); // get the currently logged on user's active session id
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); // take snapshot of all processes in the system
pe32.dwSize = sizeof(PROCESSENTRY32);
Process32First(hProcessSnap,

Removing Administrator Privileges from Process

不打扰是莪最后的温柔 submitted on 2019-12-05 08:50:12
With the help of this great MSDN article, my first idea was to simply check if the process is using an elevated Administrator group, and using AdjustTokenGroups() I would set the Administrator group to SE_GROUP_USE_FOR_DENY_ONLY. Unfortunately though, we can't modify the administrator group on the currently running process as it also has the SE_GROUP_MANDATORY attribute, which makes it ineligible for changing. The MSDN document has this to say about it: The AdjustTokenGroups function cannot disable groups with the SE_GROUP_MANDATORY attribute in the TOKEN_GROUPS structure. Use

CreateProcessAsUser elevated privilege?

假装没事ソ submitted on 2019-12-04 16:31:17
I'm getting an error with my CreateProcessAsUser function. It says "The requested operation requires elevation." I thought I had given it the highest privilege I could. Anyone help? Thanks. My code is as follows:

activeSessionId = WTSGetActiveConsoleSessionId(); // get the currently logged on user's active session id
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); // take snapshot of all processes in the system
pe32.dwSize = sizeof(PROCESSENTRY32);
Process32First(hProcessSnap, &pe32);
do // iterate through all processes
{
    if(_wcsicmp(pe32.szExeFile, L"winlogon.exe") == 0)//narrow