src/plugin/AdblockPlusClient.cpp - Issue 6308231068516352: Fix issues with security tokens (Enhanced Protected Mode, Protected Mode etc)

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: src/plugin/AdblockPlusClient.cpp

Issue 6308231068516352: Fix issues with security tokens (Enhanced Protected Mode, Protected Mode etc) (Closed)

Patch Set: Created Nov. 15, 2013, 7:22 p.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: src/plugin/AdblockPlusClient.cpp

===================================================================

--- a/src/plugin/AdblockPlusClient.cpp

+++ b/src/plugin/AdblockPlusClient.cpp

@@ -44,22 +44,32 @@

// Running inside AppContainer?

if (acs != NULL && acs->TokenAppContainer != NULL)

{

- // Launch with default security. Registry entry will eat the user prompt

+ // We need to break out from AppContainer. Launch with default security - registry entry will eat the user prompt

// See http://msdn.microsoft.com/en-us/library/bb250462(v=vs.85).aspx#wpm_elebp

- LPWSTR stringSid;

- ConvertSidToStringSidW(acs->TokenAppContainer, &stringSid);

- params.Append(L" ");

- params.Append(stringSid);

- LocalFree(stringSid);

createProcRes = CreateProcessW(engineExecutablePath.c_str(), params.GetBuffer(params.GetLength() + 1),

0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);

}

else

Felix Dahlke 2013/12/10 16:46:36 This happens if the engine is first started from b

Oleksandr 2014/03/04 10:40:05 yes. bing.com (or any other website from the excep

{

- // Launch with the same security token (Low Integrity) explicitly

+ // Launch with Low Integrity explicitly

HANDLE newToken;

DuplicateTokenEx(token, 0, 0, SecurityImpersonation, TokenPrimary, &newToken);

+ PSID pIntegritySid = 0;

Felix Dahlke 2013/12/10 16:46:36 Less Hungarian please :D

+ BOOL res = ConvertStringSidToSid(L"S-1-16-4096", &pIntegritySid);

Felix Dahlke 2013/12/10 16:46:36 Since the return value is ignored, there's no need

+ std::tr1::shared_ptr<SID> sharedIntegritySid(static_cast<SID*>(pIntegritySid), FreeSid); // Just to simplify cleanup

+ TOKEN_MANDATORY_LABEL tml = {0};

Felix Dahlke 2013/12/10 16:46:36 Let's go with {} for consistency's sake.

+ tml.Label.Attributes = SE_GROUP_INTEGRITY;

+ tml.Label.Sid = pIntegritySid;

+ // Set the process integrity level

+ res = SetTokenInformation(newToken, TokenIntegrityLevel, &tml, sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pIntegritySid));

Felix Dahlke 2013/12/10 16:46:36 As above, no need to store the return value.

+ STARTUPINFO startupInfo = {};

+ PROCESS_INFORMATION processInformation = {};

+ BOOL createProcRes = 0;

Felix Dahlke 2013/12/10 16:46:36 Why redeclare the variable here? This means that w

createProcRes = CreateProcessAsUserW(newToken, engineExecutablePath.c_str(), params.GetBuffer(params.GetLength() + 1),

0, 0, false, 0, 0, 0, (STARTUPINFOW*)&startupInfo, &processInformation);

}

« no previous file with comments | « src/engine/Main.cpp ('k') | src/shared/Communication.cpp » ('j') | src/shared/Communication.cpp » ('J')