2014. 2. 6. 15:47

User Account Control (UAC)

Windows Vista for Developers – Part 4 – User Account Control

http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Developers-_1320_-Part-4-_1320_-User-Account-Control.aspx


Designing Applications to Run at a Low Integrity Level


Communication between low-integrity and higher-integrity processes

Low-integrity processes are not completely isolated from other applications. They can interact with other processes. In fact, without some forms of collaboration, applications running at low integrity may seem to the user to be completely broken.

Some forms of IPC are available for low-integrity processes to communicate with higher-integrity processes. Components in Windows Vista block the following types of communication.

  • Most window messages and process hooks are blocked by UIPI.
  • Opening a process and using CreateRemoteThread is blocked by the mandatory label on process objects.
  • Opening a shared memory section for write access is blocked.
  • Using a named object created by a higher integrity process for synchronization is blocked by the default mandatory label.
  • Binding to a running instance of a COM service is blocked.

However, you can use other types of communication between a low-integrity process and a higher-integrity process. The types of communication that you can use include:
  • Clipboard (copy and paste)
  • Remote procedure call (RPC)
  • Sockets
  • Window messages that the higher-integrity process has been explicitly allowed to receive from lower-integrity processes by calling ChangeWindowMessageFilter
  • Shared memory, where the higher-integrity process explicitly lowers the mandatory label on the shared memory section
    Important
    This is particularly dangerous, and the higher-integrity process must be careful to validate all data that is written to the shared section.

  • COM interfaces, where the launch activation rights are set programmatically by the higher-integrity process to allow binding from low integrity clients
  • Named pipes, where the creator explicitly sets the mandatory label on the pipe to allow access to lower-integrity processes

http://msdn.microsoft.com/en-us/library/bb625960.aspx
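
When reviewing a higher-integrity service, it helps to check which of its pipes, sections and named objects have had their mandatory label lowered as described above. The following is an added example, not code from the MSDN page: it reads the mandatory label ACE from a security descriptor in SDDL text form and reports whether the label alone would let a Low-integrity process write to the object. The function names and the sample descriptors are assumptions constructed for illustration, and the DACL is not evaluated.

```python
import re

# Integrity-level RIDs (S-1-16-<rid>) and their SDDL aliases.
RIDS = {"LW": 0x1000, "ME": 0x2000, "HI": 0x3000, "SI": 0x4000}
LOW = 0x1000
# Mandatory-label policy bits: no-write-up, no-read-up, no-execute-up.
POLICY = {"NW": 0x1, "NR": 0x2, "NX": 0x4}

def mandatory_label(sddl):
    """Return (integrity_rid, policy_mask) for an SDDL string.

    An object without a label ACE is treated as Medium with no-write-up.
    """
    # Split the descriptor into its O:, G:, D: and S: components.
    parts = dict(re.findall(r"([OGDS]):(.*?)(?=[OGDS]:|$)", sddl))
    for ace in re.findall(r"\(([^)]*)\)", parts.get("S", "")):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "ML":
            continue  # audit ACEs and similar are not integrity labels
        rights, sid = fields[2], fields[5]
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
        else:
            mask = 0
            for i in range(0, len(rights), 2):
                mask |= POLICY[rights[i:i + 2]]
        rid = RIDS[sid] if sid in RIDS else int(sid.rsplit("-", 1)[1])
        return rid, mask
    return RIDS["ME"], POLICY["NW"]

def low_can_write(sddl):
    """True if the label does not stop a Low-integrity writer (DACL not checked)."""
    rid, mask = mandatory_label(sddl)
    return rid <= LOW or not mask & POLICY["NW"]

# Constructed sample descriptors, not taken from any real system.
SAMPLES = {
    "pipe_default": "D:(A;;GA;;;WD)",
    "pipe_lowered": "D:(A;;GA;;;WD)S:(ML;;NW;;;LW)",
    "section_high": "O:BAG:BAD:(A;;GA;;;BA)S:(ML;;NWNR;;;HI)",
    "section_sid": "D:(A;;GA;;;WD)S:(ML;;0x1;;;S-1-16-4096)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, "low-integrity write allowed by label:", low_can_write(sddl))
```

Every object for which this returns true is an input channel from low-integrity code, so the higher-integrity side has to validate whatever arrives through it.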