privilege-elevation | 易学教程

Escalate Privilege at Runtime (Windows API C/C++)

阅读更多关于 Escalate Privilege at Runtime (Windows API C/C++)

问题 My application does not always require "admin" privileges and most of the time would run as the current user. Is there any way, I can escalate privs by throwing up a UAC at runtime after my program is already running? This will only happen as and when I need privs. Rather than having to start with high privs. I know the "runas" technique, manifest file etc. but all these are before the process is created and not at runtime, on-demand 回答1: Congratulations, that's exactly how UAC is designed to

Do I jeopardize security of the system if I start a logon user process with the SYSTEM user token?

阅读更多关于 Do I jeopardize security of the system if I start a logon user process with the SYSTEM user token?

问题 I'm curious from a security standpoint, how bad is it to do what I describe below? I need to launch an elevated process in an interactive logon user session from my local service. This process merely exists as a message-only GUI window, which is never visible to the user, and it's class name is randomized every time the process starts. It speeds things up if I run this process with the user token of the local service as such: //Pseudo-code, error checks are omitted for brevity //This code is

Why do I need setuid(0) within a setuid-root C program that calls an administrative program with system()?

阅读更多关于 Why do I need setuid(0) within a setuid-root C program that calls an administrative program with system()?

问题 I had to do a dirty Linux hack for somebody so they could start a printer with the cupsenable printername shell command while being a non-root user. I didn't want them to be able to use the entirety of the cupsenable syntax as root, so I just wrote a C wrapper that sanitizes the input in argv[1] and calls system("cupsenable sanitizedprintername") . I made the program setuid root, but even so, cupsenable failed with "permission denied". Then I inserted a setuid(0) call before system() and, lo

Why do I need setuid(0) within a setuid-root C program that calls an administrative program with system()?

阅读更多关于 Why do I need setuid(0) within a setuid-root C program that calls an administrative program with system()?

Python - escalate privileges while running

阅读更多关于 Python - escalate privileges while running

问题 I'm writing a small extendable server management console, and I'd like to run it as a separate user that is really limited in actions - for security, of course, actually, I see no better way to do this. When somebody enters that console and tries to make some action that requires root privileges, such as putting network interface down, he'd be asked for a sudo password to do so, then this password would be used for the system to check if user has right to sudo, then - to execute the command.

How to launch an elevated process in a logon user session from a local service?

阅读更多关于 How to launch an elevated process in a logon user session from a local service?

问题 I need to launch an elevated process in an interactive logon user session from my local service. For that I use the code very similar to this one. But I'm not sure how to specify elevation in the user token returned by WTSQueryUserToken API, and to make it work on Windows XP and up? 来源： https://stackoverflow.com/questions/38429078/how-to-launch-an-elevated-process-in-a-logon-user-session-from-a-local-service

Removing Administrator Privilages from Process

阅读更多关于 Removing Administrator Privilages from Process

问题 With the help of this great MSDN article, my first idea was to simply check if the process is using an elevated Administrator group, and using AdjustTokenGroups() I would set the Administrator group to SE_GROUP_USE_FOR_DENY_ONLY . Unfortunately though, we can't modify the administrator group on the currently running process as it also has the SE_GROUP_MANDATORY attribute, which makes it inelligable for changing. The MSDN document has this to say about it: The AdjustTokenGroups function cannot

CreateProecssAsUser elevated privilege?

阅读更多关于 CreateProecssAsUser elevated privilege?

问题 I'm getting an error with my CreateProcessAsUser function. It says "The requested operation requires elevation. " I thought i had given it the highest privilege i could. Anyone help? thanks My code is as follows: activeSessionId = WTSGetActiveConsoleSessionId();//get the currently logged on user's active session id hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );//take snapshot of all processes in The system pe32.dwSize = sizeof(PROCESSENTRY32); Process32First(hProcessSnap,

Removing Administrator Privilages from Process

阅读更多关于 Removing Administrator Privilages from Process

With the help of this great MSDN article , my first idea was to simply check if the process is using an elevated Administrator group, and using AdjustTokenGroups() I would set the Administrator group to SE_GROUP_USE_FOR_DENY_ONLY . Unfortunately though, we can't modify the administrator group on the currently running process as it also has the SE_GROUP_MANDATORY attribute, which makes it inelligable for changing. The MSDN document has this to say about it: The AdjustTokenGroups function cannot disable groups with the SE_GROUP_MANDATORY attribute in the TOKEN_GROUPS structure. Use

CreateProecssAsUser elevated privilege?

阅读更多关于 CreateProecssAsUser elevated privilege?

I'm getting an error with my CreateProcessAsUser function. It says "The requested operation requires elevation. " I thought i had given it the highest privilege i could. Anyone help? thanks My code is as follows: activeSessionId = WTSGetActiveConsoleSessionId();//get the currently logged on user's active session id hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );//take snapshot of all processes in The system pe32.dwSize = sizeof(PROCESSENTRY32); Process32First(hProcessSnap, &pe32) do//iterate through all processes { if(_wcsicmp(pe32.szExeFile, L"winlogon.exe") == 0)//narrow