[Windows] How to launch a program with lowered rights?

Post by Little John »

Hi all,

I'm currently writing a program that requires administrative privileges.
Its GUI contains a HyperLinkGadget, and when the user clicks on it, a webpage with additional information is opened in the default browser.

But since my program is running with administrative privileges, currently the web browser is also launched with administrative privileges. This is not necessary for showing the webpage, and it's a potential security hole.

So how can a PB program that is running with administrative privileges, launch a third party program so that it runs only with normal privileges?

Post by IdeasVacuum »

Well of course a way around that would be to use a PB web gadget in its own window without any controls to change the page.

Post by Little John »

IdeasVacuum wrote: Well of course a way around that would be to use a PB web gadget in its own window without any controls to change the page.
That would not help. My program has administrative privileges, and for security reasons I want to avoid that a program connects to the internet with administrative privileges. Also, I want the respective webpage to be shown in the default browser of the system, not in a webgadget.

I think I've found a solution now: I'll split my program into two EXE files, a frontend and a backend. The frontend contains the GUI and runs with normal privileges, and for doing some advanced tasks it will call the backend, which will then run with administrative privileges.

Does anyone have a better idea? :-)

Post by RASHAD »

Hi LJ
I am not sure but you can test it (It should work)

  AppVerb$ = "open"
  AppName$ = "http://www.purebasic.fr/english/index.php"
  AppDir$  = ""

  ; Let the shell open the URL with its default handler (the default browser)
  shExecInfo.SHELLEXECUTEINFO
  shExecInfo\cbSize      = SizeOf(SHELLEXECUTEINFO)
  shExecInfo\fMask       = #Null
  shExecInfo\hwnd        = #Null
  shExecInfo\lpVerb      = @AppVerb$
  shExecInfo\lpFile      = @AppName$
  shExecInfo\lpDirectory = @AppDir$
  shExecInfo\nShow       = #SW_NORMAL

  ShellExecuteEx_(shExecInfo)

Post by luis »

I don't think there is a reliable way to lower the privileges in Windows.

Here is an article with some explanations and a solution that is really a hack

http://blogs.microsoft.co.il/blogs/sash ... ocess.aspx

linked there you'll find this, exactly what you are talking about

http://blogs.msdn.com/b/aaron_margosis/ ... d-app.aspx


and a different approach

http://stackoverflow.com/questions/7870 ... el-process

and a different one

http://mdb-blog.blogspot.it/2013/01/nsi ... m-uac.html

all untested :wink:

Post by JHPJHP »

Hi Little John,

The following is a tool I created, its main purpose has nothing to do with what you're asking... :)
... but there is a right-click context menu item "Run Executable As SYSTEM" that may be of use
- I'm not sure if running as SYSTEM is any better than Administrator, as it can utilize some pretty powerful privileges
-- but there are different Integrity Levels that may suit your needs

If you think it can be of use, I'll extract the "Run As System" script from the main program, and post a new link.
Last edited by JHPJHP on Sun Nov 10, 2013 5:54 pm, edited 1 time in total.


Post by Little John »

Hi,

thanks for your replies!

For the sake of completeness, some points that I forgot to mention:
The behaviour which I reported happens when I launch a webpage with RunProgram(url$). I made all tests with PB 5.20 LTS on Windows XP.
When Firefox is already running with normal rights, and my program which is running with elevated rights launches a webpage, then a new tab is opened in the existing instance of Firefox (still with normal rights). But the problem occurs when Firefox is not running, and thus my program launches a new instance of Firefox.

@RASHAD:
Thanks for the suggestion, but using your code has the same effect as using RunProgram(): A newly launched instance of Firefox runs with elevated rights.

@Luis:
Many thanks for the interesting links!
I found especially this approach cool and appealing:

RunProgram("<Windir>\explorer.exe", "MyProg.exe", "")
Unfortunately, when I use that code in a program with elevated rights, it launches "MyProg.exe" also with elevated rights here. I don't know why it worked for the author of that tip.

@JHPJHP:
I've downloaded your tool wwatcher.exe -- many thanks for providing it, and for your kind offer to extract some code from the main program. However, when I run wwatcher.exe with elevated rights, then call "Run Executable As System" from the context menu, and then launch a program, that program also runs with elevated rights (regardless of whether I choose "System Integrity Level" or "Current User Integrity Level").

After all, I think I'll stick with the frontend (with normal rights) + backend (with elevated rights) approach.
Thanks again.

Post by Danilo »

Little John wrote: After all, I think I'll stick with the frontend (with normal rights) + backend (with elevated rights) approach.
That's the best way, and you don't need 2 separate EXE for it, see: accessing the program files directory
So you start with user rights for the frontend, and for doing privileged stuff you run yourself again with admin rights,
and you can give commands/arguments to the elevated process.
On the other hand, with 2 separate programs, both could run at the same time and communicate
through a pipe (ReadProgramString()/WriteProgramStringN()), so requesting admin mode is only
required one time for the backend.

Post by Little John »

Hi Danilo,

many thanks for your valuable input!
I'll "play" a little with the different options, and then I'll certainly come up with new questions. :-)

Post by Little John »

Danilo wrote:
Little John wrote: After all, I think I'll stick with the frontend (with normal rights) + backend (with elevated rights) approach.
That's the best way, and you don't need 2 separate EXE for it, see: accessing the program files directory
So you start with user rights for the frontend, and for doing privileged stuff you run yourself again with admin rights, and you can give commands/arguments to the elevated process.
Now I've put both the User part with normal rights and the Admin part with elevated rights in one EXE file, according to your example. That works fine, and using modules makes it really easy to compose a program of two separate parts. Thanks again for the suggestion!
Danilo wrote: [...] both could run at the same time and communicate through a pipe (ReadProgramString()/WriteProgramStringN()), so requesting admin mode is only required one time for the backend.
Yes, that's what I've done: The user part launches the Admin part only on start of the program. Repeatedly requesting elevated rights would be annoying for the user.

However, according to the PB documentation it seems to me that I can use ReadProgramString()/WriteProgramStringN() only after RunProgram(). But I'm using ShellExecuteEx_() for launching the Admin part with elevated rights. So I think I'll have to use Win API also for the pipes, no? That shouldn't be a problem, I just want to understand things right, and don't want to miss something.
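
Editor's added example (not code from any poster in this thread): the single-EXE frontend/backend split discussed above, with the backend started through ShellExecuteEx_() and the "runas" verb and the two parts talking over a Win32 named pipe. The pipe name, the "/backend" switch and the command strings are made up for illustration; it assumes Windows Vista or later and an EXE compiled without the "Request Administrator mode" option.

```purebasic
; Added example: one EXE, two roles. Pipe name, "/backend" switch and commands are hypothetical.
#PIPE_DUPLEX_FIRST = $00080003   ; PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE
#PIPE_MSG_LOCAL    = $0000000E   ; PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_REJECT_REMOTE_CLIENTS
#SQOS_IDENTIFY     = $00110000   ; SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION

Procedure.s PipeRead(hPipe)      ; returns "" on error or disconnect; commands are plain ASCII
  Protected *buf = AllocateMemory(256), got.l, msg$
  If ReadFile_(hPipe, *buf, 255, @got, 0) : msg$ = PeekS(*buf, got, #PB_Ascii) : EndIf
  FreeMemory(*buf)
  ProcedureReturn msg$
EndProcedure

Procedure PipeWrite(hPipe, msg$)
  Protected *buf = AllocateMemory(256), put.l
  msg$ = Left(msg$, 255)
  PokeS(*buf, msg$, -1, #PB_Ascii)
  WriteFile_(hPipe, *buf, Len(msg$), @put, 0)
  FreeMemory(*buf)
EndProcedure

If ProgramParameter(0) = "/backend"      ; elevated role: the pipe is untrusted input
  ; SQOS_IDENTIFY keeps the pipe server from impersonating this elevated client
  hPipe = CreateFile_(ProgramParameter(1), #GENERIC_READ | #GENERIC_WRITE, 0, 0, #OPEN_EXISTING, #SQOS_IDENTIFY, 0)
  If hPipe <> #INVALID_HANDLE_VALUE
    Repeat
      cmd$ = PipeRead(hPipe)
      If cmd$ = "flush-cache"            ; fixed allow-list; input is never run or used as a path
        PipeWrite(hPipe, "ok")           ; the privileged task would run here
      ElseIf cmd$ <> "" And cmd$ <> "quit"
        PipeWrite(hPipe, "rejected")
      EndIf
    Until cmd$ = "" Or cmd$ = "quit"
    CloseHandle_(hPipe)
  EndIf
Else                                     ; normal role: GUI, browser launch, pipe server
  pipe$ = "\\.\pipe\frontend-demo-" + Str(GetCurrentProcessId_())
  hPipe = CreateNamedPipe_(pipe$, #PIPE_DUPLEX_FIRST, #PIPE_MSG_LOCAL, 1, 256, 256, 0, 0)
  exe$ = ProgramFilename() : verb$ = "runas" : args$ = "/backend " + pipe$
  sei.SHELLEXECUTEINFO
  sei\cbSize = SizeOf(SHELLEXECUTEINFO)
  sei\lpVerb = @verb$ : sei\lpFile = @exe$ : sei\lpParameters = @args$ : sei\nShow = #SW_SHOWNORMAL
  If hPipe <> #INVALID_HANDLE_VALUE And ShellExecuteEx_(@sei)   ; the only elevation prompt
    If ConnectNamedPipe_(hPipe, 0) Or GetLastError_() = 535     ; 535 = ERROR_PIPE_CONNECTED
      RunProgram("http://www.purebasic.fr/english/index.php")   ; started by the unelevated part
      PipeWrite(hPipe, "flush-cache")     : Debug PipeRead(hPipe)   ; ok
      PipeWrite(hPipe, "not-on-the-list") : Debug PipeRead(hPipe)   ; rejected
      PipeWrite(hPipe, "quit")
    EndIf
  EndIf
  If hPipe <> #INVALID_HANDLE_VALUE : CloseHandle_(hPipe) : EndIf
EndIf
```

ConnectNamedPipe_() blocks here, so a real GUI frontend would wait in a thread or use overlapped I/O. Any process running as the same user can start the backend with its own pipe, which is why the backend only acts on the fixed command list.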