[*] NT security: do not contaminate the caller thread of AuProcesses with user-switching elevation.

Source/Processes/AuProcessElevation.NT.cpp

@@ -650,16 +650,16 @@ namespace Aurora::Processes
 
         }
 
-        BOOL Exec(LPCWSTR               lpApplicationName,
+        BOOL ExecOnThread(LPCWSTR               lpApplicationName,
-                  LPWSTR                lpCommandLine,
+                          LPWSTR                lpCommandLine,
-                  LPSECURITY_ATTRIBUTES lpProcessAttributes,
+                          LPSECURITY_ATTRIBUTES lpProcessAttributes,
-                  LPSECURITY_ATTRIBUTES lpThreadAttributes,
+                          LPSECURITY_ATTRIBUTES lpThreadAttributes,
-                  BOOL                  bInheritHandles,
+                          BOOL                  bInheritHandles,
-                  DWORD                 dwCreationFlags,
+                          DWORD                 dwCreationFlags,
-                  LPVOID                lpEnvironment,
+                          LPVOID                lpEnvironment,
-                  LPCWSTR               lpCurrentDirectory,
+                          LPCWSTR               lpCurrentDirectory,
-                  LPSTARTUPINFOW        lpStartupInfo,
+                          LPSTARTUPINFOW        lpStartupInfo,
-                  LPPROCESS_INFORMATION lpProcessInformation)
+                          LPPROCESS_INFORMATION lpProcessInformation)
         {
             DWORD dwSesssionId;
             GetCurrentSessionId(dwSesssionId);
@@ -993,6 +993,40 @@ namespace Aurora::Processes
                 pSetSecurityDescriptorDacl(&this->sd, TRUE, NULL, FALSE);
             }
         }
+    
+        BOOL Exec(LPCWSTR               lpApplicationName,
+                  LPWSTR                lpCommandLine,
+                  LPSECURITY_ATTRIBUTES lpProcessAttributes,
+                  LPSECURITY_ATTRIBUTES lpThreadAttributes,
+                  BOOL                  bInheritHandles,
+                  DWORD                 dwCreationFlags,
+                  LPVOID                lpEnvironment,
+                  LPCWSTR               lpCurrentDirectory,
+                  LPSTARTUPINFOW        lpStartupInfo,
+                  LPPROCESS_INFORMATION lpProcessInformation)
+        {
+            BOOL bRet = false;
+        
+            if (auto pThread = AuThreads::Spawn([&]()
+            {
+                bRet = ExecOnThread(lpApplicationName,
+                                    lpCommandLine,
+                                    lpProcessAttributes,
+                                    lpThreadAttributes,
+                                    bInheritHandles,
+                                    dwCreationFlags,
+                                    lpEnvironment,
+                                    lpCurrentDirectory,
+                                    lpStartupInfo,
+                                    lpProcessInformation);
+        
+            }, false))
+            {
+                pThread->GetShutdownWaitable()->Lock();
+            }
+        
+            return bRet;
+        }
     };
 
     AUKN_SYM void RunAs(StartupParameters &startupParameters,
@@ -1008,7 +1042,7 @@ namespace Aurora::Processes
                                                                std::placeholders::_7, std::placeholders::_8,
                                                                std::placeholders::_9, std::placeholders::_10);
         startupParameters.ntFixSharedHandleAttrs = std::bind(&SecureRunAs::FixSharedAttrs, pThat,
-                                                               std::placeholders::_1);
+                                                             std::placeholders::_1);
 
     }
 }