
[Windows] How to launch a program with lowered rights?

Posted: Sat Nov 09, 2013 3:22 pm
by Little John
Hi all,

I'm currently writing a program that requires administrative privileges.
Its GUI contains a HyperLinkGadget, and when the user clicks on it, a webpage with additional information is opened in the default browser.

But since my program is running with administrative privileges, currently the web browser is also launched with administrative privileges. This is not necessary for showing the webpage, and it's a potential security hole.

So how can a PB program that is running with administrative privileges launch a third-party program so that it runs only with normal privileges?

Re: [Windows] How to launch a program with lowered rights?

Posted: Sat Nov 09, 2013 3:42 pm
by IdeasVacuum
Well, of course, a way around that would be to use a PB web gadget in its own window without any controls to change the page.

Re: [Windows] How to launch a program with lowered rights?

Posted: Sat Nov 09, 2013 4:54 pm
by Little John
IdeasVacuum wrote: Well, of course, a way around that would be to use a PB web gadget in its own window without any controls to change the page.

That would not help. My program has administrative privileges, and for security reasons I want to avoid having a program connect to the internet with administrative privileges. Also, I want the respective webpage to be shown in the default browser of the system, not in a webgadget.

I think I've found a solution now: I'll split my program into two EXE files, a frontend and a backend. The frontend contains the GUI and runs with normal privileges, and for doing some advanced tasks it will call the backend, which will then run with administrative privileges.

Does anyone have a better idea? :-)

Re: [Windows] How to launch a program with lowered rights?

Posted: Sat Nov 09, 2013 5:04 pm
by RASHAD
Hi LJ
I am not sure but you can test it (It should work)

Code:

  AppVerb$ = "open"
  AppName$ = "http://www.purebasic.fr/english/index.php"
  AppDir$  = ""
     
  shExecInfo.SHELLEXECUTEINFO
  shExecInfo\cbSize=SizeOf(SHELLEXECUTEINFO)
  shExecInfo\fMask=#Null
  shExecInfo\hwnd=#Null;
  shExecInfo\lpVerb=@AppVerb$
  shExecInfo\lpFile=@AppName$
  shExecInfo\lpDirectory=@AppDir$
  shExecInfo\nShow=#SW_NORMAL
 
  ShellExecuteEx_(shExecInfo)

Re: [Windows] How to launch a program with lowered rights?

Posted: Sat Nov 09, 2013 5:48 pm
by luis
I don't think there is a reliable way to lower the privileges in Windows.

Here is an article with some explanations and a solution that is really a hack

http://blogs.microsoft.co.il/blogs/sash ... ocess.aspx

linked there you'll find this, exactly what you are talking about

http://blogs.msdn.com/b/aaron_margosis/ ... d-app.aspx


and a different approach

http://stackoverflow.com/questions/7870 ... el-process

and a different one

http://mdb-blog.blogspot.it/2013/01/nsi ... m-uac.html

all untested :wink:

Re: [Windows] How to launch a program with lowered rights?

Posted: Sat Nov 09, 2013 6:43 pm
by JHPJHP
Hi Little John,

The following is a tool I created; its main purpose has nothing to do with what you're asking... :)
... but there is a right-click context menu item "Run Executable As SYSTEM" that may be of use
- I'm not sure if running as SYSTEM is any better than Administrator, as it can utilize some pretty powerful privileges
-- but there are different Integrity Levels that may suit your needs

If you think it can be of use, I'll extract the "Run As System" script from the main program, and post a new link.

Re: [Windows] How to launch a program with lowered rights?

Posted: Sun Nov 10, 2013 5:12 pm
by Little John
Hi,

thanks for your replies!

For the sake of completeness, some points that I forgot to mention:
The behaviour which I reported happens when I launch a webpage with RunProgram(url$). I made all tests with PB 5.20 LTS on Windows XP.
When Firefox is already running with normal rights, and my program which is running with elevated rights launches a webpage, then a new tab is opened in the existing instance of Firefox (still with normal rights). But the problem occurs when Firefox is not running, and thus my program launches a new instance of Firefox.

@RASHAD:
Thanks for the suggestion, but using your code has the same effect as using RunProgram(): A newly launched instance of Firefox runs with elevated rights.

@Luis:
Many thanks for the interesting links!
I found especially this approach cool and appealing:

Code:

RunProgram("<Windir>\explorer.exe", "MyProg.exe", "")

Unfortunately, when I use that code in a program with elevated rights, it launches "MyProg.exe" also with elevated rights here. I don't know why it worked for the author of that tip.

@JHPJHP:
I've downloaded your tool wwatcher.exe -- many thanks for providing it, and for your kind offer to extract some code from the main program. However, when I run wwatcher.exe with elevated rights, then call "Run Executable As System" from the context menu, and then launch a program, that program also runs with elevated rights (regardless of whether I choose "System Integrity Level" or "Current User Integrity Level").

After all, I think I'll stick with the frontend (with normal rights) + backend (with elevated rights) approach.
Thanks again.

Re: [Windows] How to launch a program with lowered rights?

Posted: Mon Nov 11, 2013 2:05 am
by Danilo
Little John wrote: After all, I think I'll stick with the frontend (with normal rights) + backend (with elevated rights) approach.

That's the best way, and you don't need 2 separate EXEs for it, see: accessing the program files directory
So you start with user rights for the frontend, and for doing privileged stuff you run yourself again with admin rights,
and you can give commands/arguments to the elevated process.
On the other hand, with 2 separate programs, both could run at the same time and communicate
through a pipe (ReadProgramString()/WriteProgramStringN()), so requesting admin mode is only
required one time for the backend.

Re: [Windows] How to launch a program with lowered rights?

Posted: Mon Nov 11, 2013 8:41 pm
by Little John
Hi Danilo,

many thanks for your valuable input!
I'll "play" a little with the different options, and then I'll certainly come up with new questions. :-)

Re: [Windows] How to launch a program with lowered rights?

Posted: Fri Nov 15, 2013 8:19 am
by Little John
Danilo wrote:
Little John wrote: After all, I think I'll stick with the frontend (with normal rights) + backend (with elevated rights) approach.
That's the best way, and you don't need 2 separate EXEs for it, see: accessing the program files directory
So you start with user rights for the frontend, and for doing privileged stuff you run yourself again with admin rights, and you can give commands/arguments to the elevated process.
Now I've put both the User part with normal rights and the Admin part with elevated rights in one EXE file, according to your example. That works fine, and using modules makes it really easy to compose a program of two separate parts. Thanks again for the suggestion!
Danilo wrote: [...] both could run at the same time and communicate through a pipe (ReadProgramString()/WriteProgramStringN()), so requesting admin mode is only required one time for the backend.
Yes, that's what I've done: The user part launches the Admin part only on start of the program. Repeatedly requesting elevated rights would be annoying for the user.

However, according to the PB documentation it seems to me that I can use ReadProgramString()/WriteProgramStringN() only after RunProgram(). But I'm using ShellExecuteEx_() for launching the Admin part with elevated rights. So I think I'll have to use Win API also for the pipes, no? That shouldn't be a problem, I just want to understand things right, and don't want to miss something.
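
The single-EXE frontend/backend split that Danilo describes and Little John reports adopting, as an added example that is not code from any poster in this thread: the program starts with normal rights, opens the webpage from that unelevated process, and re-runs itself through the "runas" verb only for the privileged task. The `/admin` switch, the `write-config` task name and the `settings.ini` file are assumptions made for illustration.

```purebasic
; Added example (not from the thread). Assumed names: "/admin", "write-config".
#AdminSwitch$ = "/admin"
#InfoUrl$     = "http://www.purebasic.fr/english/index.php"

Procedure.i LaunchElevated(Task$)
  ; Re-run this EXE through the "runas" verb so Windows asks for elevation.
  Protected info.SHELLEXECUTEINFO
  Protected verb$ = "runas"
  Protected file$ = ProgramFilename()
  Protected args$ = #AdminSwitch$ + " " + Task$
  info\cbSize       = SizeOf(SHELLEXECUTEINFO)
  info\fMask        = #SEE_MASK_NOCLOSEPROCESS  ; keep hProcess so we can wait
  info\lpVerb       = @verb$
  info\lpFile       = @file$
  info\lpParameters = @args$
  info\nShow        = #SW_HIDE
  If ShellExecuteEx_(@info)
    ProcedureReturn info\hProcess
  EndIf
  ProcedureReturn 0                             ; declined or failed
EndProcedure

Procedure.i RunAdminTask(Task$)
  ; Elevated side: accept only known task names, never a free-form command.
  Protected file
  Select Task$
    Case "write-config"
      file = CreateFile(#PB_Any, GetPathPart(ProgramFilename()) + "settings.ini")
      If file
        WriteStringN(file, "configured=1")
        CloseFile(file)
        ProcedureReturn 0
      EndIf
  EndSelect
  ProcedureReturn 1                             ; unknown task or write failed
EndProcedure

If ProgramParameter(0) = #AdminSwitch$
  End RunAdminTask(ProgramParameter(1))         ; backend role: do one task, exit
EndIf

; Frontend role (normal rights): the browser inherits this unelevated token.
RunProgram(#InfoUrl$)
hBackend = LaunchElevated("write-config")
If hBackend
  WaitForSingleObject_(hBackend, #INFINITE)
  CloseHandle_(hBackend)
EndIf
```

Because the elevated role only acts on task names it recognises, the unelevated frontend cannot pass it an arbitrary command line to run with administrative rights.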