Dailydave mailing list archives
Re: wanted: run_as_low_integrity command on Vista?
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Tue, 16 Jan 2007 15:29:23 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Andrew,

Indeed, it seems like you can use not only chml, but also Vista's new icacls command to do that - i.e. to set the integrity level of an executable to low and then, when started (from within a process running at medium IL), the new process will run with low IL. But that seems to work only if you are starting the process in the context of the current user...

However, if one uses the runas command (or Mark's psexec) to start a process as a different user, then the new process gets medium IL, despite the fact that its executable is marked with "Low Mandatory Level" ACE. Any idea why that happens?

Also, in [1] a method for starting a medium IL process from within IE running in Protected Mode (i.e. at low IL) is described - it requires setting appropriate entries in the registry under HKLM\Software\Microsoft\IE key. The question is: is there any way to do that for other low integrity processes, besides IE? E.g. I would like to allow my Thunderbird.exe (running as low IL) to start gpg.exe at medium IL, without popping the consent dialog box (as my Thunderbird typically starts gpg.exe a few dozen times every day)?

joanna.

[1] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ietechcol/dnwebgen/protectedmode.asp

Andrew Cushman wrote:
Here's what Mark Russinovich said...

-----Original Message-----
From: Mark Russinovich
Sent: Monday, January 15, 2007 9:27 AM
To: Andrew Cushman
Subject: RE: [Dailydave] wanted: run_as_low_integrity command on Vista?

I'm going to add support for this to Process Explorer in the near future. In the meantime she can make a copy of cmd.exe and set its integrity level to low using Mark Minasi's Chml tool:

http://www.minasi.com/vista/chml.htm

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Joanna Rutkowska
Sent: Sunday, January 14, 2007 10:24 AM
To: dailydave
Subject: [Dailydave] wanted: run_as_low_integrity command on Vista?

Does anybody know of any *off-the-shelf* tool/command that could be used to launch a process in low integrity mode on Vista? Something like:

runaslow <progname> <args>

joanna.

BTW, I read this:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ietechcol/dnwebgen/protectedmode.asp

and I think I know how to do that in C - it's just that I can't believe that MS (or at least Mark Russinovich) hasn't shipped such a tool...
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

-----BEGIN PGP SIGNATURE-----

iD8DBQFFrOFBORdkotfEW84RAoDtAJ9JrrQJfbFZc0M2p5YXhvRvES9JowCg01E7
qTG4+8jskNd4Yy9gkELQVr0=
=17yf
-----END PGP SIGNATURE-----
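
The workaround discussed in this thread (copy cmd.exe, label the copy low with icacls, start it from a medium-IL shell as the same user), written out with a check of the resulting integrity level. This is an added example, not part of the original messages; the working directory and function name are assumptions chosen for illustration.

```powershell
# Added example: the directory name and Get-ChildIntegrity are illustrative assumptions.
$ErrorActionPreference = 'Stop'

# Well-known mandatory-label SIDs (S-1-16-<RID>).
$IntegrityNames = @{
    'S-1-16-4096'  = 'Low'
    'S-1-16-8192'  = 'Medium'
    'S-1-16-12288' = 'High'
    'S-1-16-16384' = 'System'
}

function Get-ChildIntegrity {
    param([Parameter(Mandatory)][string]$ShellPath)
    # whoami is started by the given shell, so it reports that shell's token.
    $out = & $ShellPath /c whoami /groups
    $m = [regex]::Match(($out -join "`n"), 'S-1-16-\d+')
    if (-not $m.Success) { throw "No mandatory label SID in whoami output for $ShellPath" }
    $name = $IntegrityNames[$m.Value]
    if (-not $name) { $name = 'Unknown' }
    [pscustomobject]@{ Shell = $ShellPath; Sid = $m.Value; Level = $name }
}

$system = Join-Path $env:SystemRoot 'System32\cmd.exe'
$dir    = Join-Path $env:TEMP 'lowil-demo'          # assumed scratch location
$copy   = Join-Path $dir 'cmd-low.exe'

New-Item -ItemType Directory -Path $dir -Force | Out-Null
Copy-Item -Path $system -Destination $copy -Force

# Put a Low Mandatory Level label on the copy only; the system cmd.exe is untouched.
icacls $copy /setintegritylevel L | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

$baseline = Get-ChildIntegrity -ShellPath $system   # level of the calling shell
$labelled = Get-ChildIntegrity -ShellPath $copy     # expected: Low

$baseline, $labelled | Format-Table -AutoSize
if ($labelled.Level -ne 'Low') {
    Write-Warning "Labelled copy ran at $($labelled.Level), not Low"
}
```

Run it from a non-elevated shell as the logged-on user; the thread reports that launching the labelled executable as a different user via runas or psexec yields medium IL instead, which the final check would flag.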