nvda
8f20a255 - secureProcess: a restricted token is now always restricted to the base interactive groups + Restricted + the Logon SID. A retainuser boolean argument can be set to true to also include the User in the list of restricted SIDs. A separate createLeastPrivilegedPtoken function has been added which just does token removal if a restricted token is not wanted. The SecureProcess constructor now takes a new restrictToken boolean argument which is True by default, meaning a restricted token will be used. The allowUser argument has been renamed to retainuserInRestrictedToken. All this means that there are now conceptually several modes ART processes can be run in: 1. fully restricted (just enough for basic interaction / ability to read / execute program files and system binaries - essentially a generic interactive user with no access to any actual user files). 2. Restricted with access to the user's files. 3. Unrestricted - access to other groups the user is a part of.

disableDangerousSids has been completely removed, as it only applied to elevated processes, but even then caused the process to crash. Now, using a restricted token instead here, Windows handles denial of administrative access much more nicely than our code maintaining a perhaps incomplete set of dangerous SIDs.
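The three modes in the message differ only in which SIDs go into the token's restricting list, so the easiest way to see why mode 1 cannot open the user's own files while mode 3 can is to model the access-check rule that restricting SIDs impose: an object must grant access to one of the token's normal SIDs and, separately, to one of its restricting SIDs. The following is an added example written for this page, not code from NVDA's secureProcess module; it does not call CreateRestrictedToken, and the contents of BASE_INTERACTIVE_GROUPS, the user and logon SIDs and the object DACLs are constructed assumptions (deny ACEs, access masks and integrity levels are left out).

```python
"""Model of how Windows restricting SIDs change access checks (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Well-known SIDs (real values) plus a constructed user SID and logon SID.
EVERYONE = "S-1-1-0"
INTERACTIVE = "S-1-5-4"
AUTHENTICATED_USERS = "S-1-5-11"
RESTRICTED = "S-1-5-12"
SYSTEM = "S-1-5-18"
ADMINISTRATORS = "S-1-5-32-544"
USERS = "S-1-5-32-545"
ALICE = "S-1-5-21-1000-2000-3000-1001"   # constructed user SID
ALICE_LOGON = "S-1-5-5-0-123456"         # constructed logon SID

# Assumption: what "base interactive groups" means in the commit message.
BASE_INTERACTIVE_GROUPS = frozenset({EVERYONE, INTERACTIVE, AUTHENTICATED_USERS, USERS})


@dataclass(frozen=True)
class Token:
    user: str
    groups: FrozenSet[str]                          # enabled group SIDs
    logon_sid: str
    restricting: Optional[FrozenSet[str]] = None    # None: not a restricted token

    def normal_sids(self) -> FrozenSet[str]:
        return self.groups | {self.user, self.logon_sid}


def restricting_sids(token: Token, retain_user: bool = False) -> FrozenSet[str]:
    """Restricting list as the commit describes it: base interactive groups +
    RESTRICTED + the logon SID, plus the user SID only when retain_user is set."""
    sids = set(BASE_INTERACTIVE_GROUPS) | {RESTRICTED, token.logon_sid}
    if retain_user:
        sids.add(token.user)
    return frozenset(sids)


def make_token(base: Token, mode: str) -> Token:
    """Build the token for one of the three modes from an unrestricted base token."""
    if mode == "unrestricted":
        return base
    if mode == "restricted":
        return Token(base.user, base.groups, base.logon_sid, restricting_sids(base))
    if mode == "restricted_with_user":
        return Token(base.user, base.groups, base.logon_sid,
                     restricting_sids(base, retain_user=True))
    raise ValueError(f"unknown mode {mode!r}")


def access_check(token: Token, allowed: FrozenSet[str]) -> bool:
    """Allow-only DACL model: `allowed` is the set of SIDs the object grants.
    A plain token needs one match; a restricted token must match on its
    normal SIDs AND on its restricting SIDs (Windows runs both checks)."""
    if not (token.normal_sids() & allowed):
        return False
    if token.restricting is None:
        return True
    return bool(token.restricting & allowed)


# Constructed objects: the SIDs each object's DACL grants access to.
OBJECTS: Dict[str, FrozenSet[str]] = {
    "system binaries": frozenset({SYSTEM, ADMINISTRATORS, USERS}),
    "user profile":    frozenset({SYSTEM, ADMINISTRATORS, ALICE}),
    "admin-only key":  frozenset({SYSTEM, ADMINISTRATORS}),
    "desktop":         frozenset({SYSTEM, ADMINISTRATORS, ALICE_LOGON}),
}

# Alice is a local administrator, so her unrestricted token carries that group.
ALICE_TOKEN = Token(ALICE, BASE_INTERACTIVE_GROUPS | {ADMINISTRATORS}, ALICE_LOGON)


def access_matrix(base: Token = ALICE_TOKEN) -> Dict[str, Dict[str, bool]]:
    """Access result for every object under each of the three modes."""
    return {
        mode: {name: access_check(make_token(base, mode), acl) for name, acl in OBJECTS.items()}
        for mode in ("restricted", "restricted_with_user", "unrestricted")
    }


if __name__ == "__main__":
    for mode, row in access_matrix().items():
        cells = "  ".join(f"{name}={'ok' if ok else 'DENIED'}" for name, ok in row.items())
        print(f"{mode:22s} {cells}")
```

The matrix shows the point the commit relies on: in the fully restricted mode the token still carries the Administrators group in its normal list, yet the admin-only object is denied because nothing in the restricting list matches its DACL, which is exactly the check that a hand-maintained list of "dangerous SIDs" was trying to reproduce. The desktop row shows why the logon SID must be in the restricting list at all: the window station and desktop are granted to the logon SID, so leaving it out would deny the process basic interaction.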