...
An application may spawn another process as part of its normal course of action. On Windows, the newly-spawned process automatically receives the same privileges as the parent process [MSDN]. By allowing the child process to run in the same security context as the parent process, the attack surface for the application is extended to the child process. Furthermore, this example allows the child process to inherit handles from the parent process by passing TRUE to the bInheritsHandles parameter.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <Windows.h>
void launch_notepad(void) {
PROCESS_INFORMATION pi;
STARTUPINFO si;
ZeroMemory(&si, sizeof(si));
si.cb = sizeof( si );
if (CreateProcess(TEXT("C:\\Windows\\Notepad.exe"), NULL, NULL, NULL, TRUE,
0, NULL, NULL, &si, &pi )) {
/* Process has been created; work with the process and wait for it to
terminate. */
WaitForSingleObject(pi.hProcess, INFINITE);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
}
}
|
...
The compliant example demonstrates how to launch Notepad.exe using a low integrity level, regardless of what privilege level the parent process is running from. It also disallows handle inheritance by passing FALSE to the bInheritsHandles parameter, since notepad.exe does not require access to any of the process' handles.
Possible values for the integrity level SID strings are:
...