What choices do I have on MS Windows platforms for

Posted 2019-03-28 06:44

To understand what I'm asking, it's important to distinguish from among the several uses of SUID in Unix.

I have a project that uses an executable in the user's PATH which is owned by the project and which has the SUID bit set. In this way, when it runs, it runs in the context of the file's owner, not the calling user. This way, it has access to things that the user does not, and thereby these things are protected from the user by normal file system protections. This works reasonably well. Plans are to move the project to a client-server architecture but that's going to take some time. In the meantime, how can I replicate this type of behavior on Windows systems?

Note that the project's executables do not call the SETUID library call though, frankly, that would be a great feature to add, in my opinion, given what the project does. The project does not need system root privileges. Its first security concern is that it needs to protect its own files from the user (which is simply any user other than the file owner) and it would be very nice if it had the ability to switch to "user context" to access the file system as if it were the calling user. (In this way, it could more easily determine what is OK for the project to touch and what is not.)

The project is written in a combination of C and Java - a C program with SUID set calls the Java code...

I am keen to know all such mechanisms, and am especially focused on those which are:

  1. Suitable for C and Java, and;
  2. Easy to implement for non-Windows programmers, and;
  3. Require minimal coding unique to Windows.

If some solutions are superior, please share your thoughts on whatever you are aware of in this regard.

NOTES:

  1. LogonUser: Requires a password in plain text. How can that be an answer?
  2. RunAs: Requires password be entered at PROMPT! ...As with LogonUser only worse; I don't see how this is an answer.

2 answers
家丑人穷心不美
#2 · 2019-03-28 07:01

I don't think there's an equivalent of SETUID in Windows, but you can launch a process as another user. If you are using C, there are really only two major Windows-specific functions you'll need to look into:

LogonUser

CreateProcessAsUser

The docs for those functions are pretty good, so it shouldn't be that huge of a challenge. Basically, you'll use LogonUser to impersonate the user, then CreateProcessAsUser to launch the JVM as that user.

You could also look at the RUNAS command, but I'm not sure if that would meet your needs or not.
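
The LogonUser then CreateProcessAsUser sequence from the answer above, as an added example that is not part of the original answer. `build_cmdline`, `run_as` and the sample Java path are hypothetical names and constructed values; the Windows calls are compiled only when `_WIN32` is defined.

```c
#include <stdio.h>
#include <string.h>

/* Quote the program path: with lpApplicationName == NULL, an unquoted path
 * containing spaces is ambiguous to CreateProcess*. Returns 0, or -1 if the
 * path contains a quote or the result does not fit in out. */
int build_cmdline(char *out, size_t cap, const char *exe, const char *args)
{
    if (strchr(exe, '"') != NULL) return -1;
    int n = snprintf(out, cap, "\"%s\" %s", exe, args);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
/* Hypothetical helper: log the account on, then start cmdline with its token.
 * Returns 0 on success, otherwise a Windows error code. */
DWORD run_as(const char *user, const char *domain, char *password, char *cmdline)
{
    HANDLE tok = NULL;
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    DWORD err = 0;
    BOOL ok = LogonUserA(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                         LOGON32_PROVIDER_DEFAULT, &tok);
    if (!ok) err = GetLastError();
    SecureZeroMemory(password, strlen(password)); /* wipe the plaintext copy */
    if (!ok) return err ? err : ERROR_LOGON_FAILURE;
    /* The caller typically needs SE_INCREASE_QUOTA_NAME, and may need
     * SE_ASSIGNPRIMARYTOKEN_NAME, for this call to succeed. */
    if (CreateProcessAsUserA(tok, NULL, cmdline, NULL, NULL, FALSE, 0,
                             NULL, NULL, &si, &pi)) {
        WaitForSingleObject(pi.hProcess, INFINITE);
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    } else {
        err = GetLastError();
    }
    CloseHandle(tok);
    return err;
}
#endif

int main(void)
{
    char cmd[260]; /* constructed sample path and arguments */
    if (build_cmdline(cmd, sizeof cmd, "C:\\Program Files\\Java\\bin\\java.exe", "-jar app.jar") == 0)
        puts(cmd);
    return 0;
}
```

The password still has to reach `run_as` in plain text, which is the limitation raised in the question's notes; the example only shortens how long that copy stays in memory.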

成全新的幸福
#3 · 2019-03-28 07:20

Cygwin has an excellent discussion on how they do this without requiring the user password here: Using Windows security in Cygwin

Basically they install a custom LSA authentication package that provides security tokens without requiring a password. As a fallback, when the authentication package is not installed, they use the undocumented NtCreateToken API.

An application wanting to impersonate could make a Cygwin setuid call before calling java.
