Are processes launched by elevated processes themselves elevated?

6

3

I have a program that launches a browser window when a user performs certain actions. My program requires Administrator access (i.e. must be launched via "Run as Administrator" or have requestedElevationLevel set to requireAdministrator in its manifest file in Vista or Win7).

I am worried that the browser will inherit the elevation level of the parent process; that is, I'm concerned the browser will also be launched with Administrator elevation. Is this correct? If so, is there any way to prevent this?

will

Posted 2010-07-14T02:20:27.553

Reputation: 63

Answers

7

UAC can be a rather complex concept to wrap your head around. Generally speaking, a child process inherits its access token from the parent process. However, this only occurs if both processes have the same integrity level:

Each application that requires the administrator access token must prompt the administrator for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user access token from the parent process. Both the parent and child processes, however, must have the same integrity level.

Integrity levels depend on a variety of things, but generally speaking, a web browser is a low integrity application, and will likely require an additional UAC prompt if it tries to do any operation requiring a higher level of privilege:

Windows 7 protects processes by marking their integrity levels. Integrity levels are measurements of trust. A "high" integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a "low" integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Applications with lower integrity levels cannot modify data in applications with higher integrity levels.

If you wish to learn more about UAC, the following articles are a good resource:

jrista

Posted 2010-07-14T02:20:27.553

Reputation: 513

TLDR: yes, they are elevated if they are a child process with the same integrity level. But they are likely not to be – Ivo Flipse – 2010-07-14T06:05:40.997

1Read his full answer, it's highly relevant to the OP. He is specifically concerned about a web browser inheriting elevated status, which as jrista explains, it probably won't be inherited for a browser. – nhinkle – 2010-07-14T07:18:58.743

Thanks for emphasizing that @nhinkle, edited my comment appropriately – Ivo Flipse – 2010-07-14T18:39:23.803

0

You are correct. Any process that spawns a child process inherits it's security context (admin or not) by default.

I'm not sure there's a way around this without control of this program's source code (but I may be wrong).

ligos

Posted 2010-07-14T02:20:27.553

Reputation: 355

Asked: 2010-07-14T02:20:27.553

Viewed: 3 222 times

Active: 2010-07-14T19:15:22.550