From e63903d0f4ff8a381ee229f6e15c3466cf08dabc Mon Sep 17 00:00:00 2001
From: Jamie Reece Wilson
Date: Mon, 18 Nov 2024 21:29:04 +0000
Subject: [PATCH] [*] NT security: do not contaminate the caller thread of AuProcesses with user-switching elevation.
---
 Source/Processes/AuProcessElevation.NT.cpp | 56 +++++++++++++++++-----
 1 file changed, 45 insertions(+), 11 deletions(-)
diff --git a/Source/Processes/AuProcessElevation.NT.cpp b/Source/Processes/AuProcessElevation.NT.cpp
index 86f6bf62..541ab773 100644
--- a/Source/Processes/AuProcessElevation.NT.cpp
+++ b/Source/Processes/AuProcessElevation.NT.cpp
@@ -650,16 +650,16 @@ namespace Aurora::Processes
 }
- BOOL Exec(LPCWSTR lpApplicationName,
- LPWSTR lpCommandLine,
- LPSECURITY_ATTRIBUTES lpProcessAttributes,
- LPSECURITY_ATTRIBUTES lpThreadAttributes,
- BOOL bInheritHandles,
- DWORD dwCreationFlags,
- LPVOID lpEnvironment,
- LPCWSTR lpCurrentDirectory,
- LPSTARTUPINFOW lpStartupInfo,
- LPPROCESS_INFORMATION lpProcessInformation)
+ BOOL ExecOnThread(LPCWSTR lpApplicationName,
+ LPWSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCWSTR lpCurrentDirectory,
+ LPSTARTUPINFOW lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation)
 {
 DWORD dwSesssionId;
 GetCurrentSessionId(dwSesssionId);
@@ -993,6 +993,40 @@ namespace Aurora::Processes
 pSetSecurityDescriptorDacl(&this->sd, TRUE, NULL, FALSE);
 }
 }
+
+ BOOL Exec(LPCWSTR lpApplicationName,
+ LPWSTR lpCommandLine,
+ LPSECURITY_ATTRIBUTES lpProcessAttributes,
+ LPSECURITY_ATTRIBUTES lpThreadAttributes,
+ BOOL bInheritHandles,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCWSTR lpCurrentDirectory,
+ LPSTARTUPINFOW lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation)
+ {
+ BOOL bRet = false;
+
+ if (auto pThread = AuThreads::Spawn([&]()
+ {
+ bRet = ExecOnThread(lpApplicationName,
+ lpCommandLine,
+ lpProcessAttributes,
+ lpThreadAttributes,
+ bInheritHandles,
+ dwCreationFlags,
+ lpEnvironment,
+ lpCurrentDirectory,
+ lpStartupInfo,
+ lpProcessInformation);
+
+ }, false))
+ {
+ pThread->GetShutdownWaitable()->Lock();
+ }
+
+ return bRet;
+ }
 };
 AUKN_SYM void RunAs(StartupParameters &startupParameters,
@@ -1008,7 +1042,7 @@ namespace Aurora::Processes
 std::placeholders::_7, std::placeholders::_8, std::placeholders::_9, std::placeholders::_10);
 startupParameters.ntFixSharedHandleAttrs = std::bind(&SecureRunAs::FixSharedAttrs, pThat,
- std::placeholders::_1);
+ std::placeholders::_1);
 }
 }
\ No newline at end of file
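Review bot: In the new Exec, the path where AuThreads::Spawn returns null is silent — bRet keeps its initial `false`, no Win32 last-error is set, and a caller cannot tell "the isolation thread could not be created" apart from a CreateProcess-style failure reported by ExecOnThread; an `else { SetLastError(ERROR_NOT_ENOUGH_MEMORY); }` after the Spawn branch (or whichever error code the project maps thread-spawn failure to), plus `BOOL bRet = FALSE;` to match the Win32 type, would make that explicit. Reading bRet after `pThread->GetShutdownWaitable()->Lock()` is only sound if that lock establishes a happens-before with the worker's write and the waitable is signalled even when the lambda exits abnormally — presumably true, but a comment stating that Exec joins the worker here (which is also what makes the `[&]` captures safe) would help the next reader. Since the point of the commit is that any impersonation or token change made by ExecOnThread stays on the discarded worker thread and never touches the caller's thread, a short comment above Exec saying exactly that would document the security contract of both functions; Exec's enclosing class begins outside the hunk.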