Subject Re: [IB-Architect] Running as a normal user on NT.
Author Jan Mikkelsen
rfm@... wrote:
>The current local access system uses a memory mapped file and
>syncronization objects for communication between client and server.

That makes sense. There are later calls creating semaphores and mapping
views of files, which I didn't try to analyze.

>> This doesn't solve the problem of OpenProcess(PROCESS_ALL_ACCESS, TRUE,
>> pid). It looks to me like the whole local access protocol should be
>> revisited.
>I suspect that the open process is so that the server will notice
>when the client dies. (although I could be wrong).

To do that it only needs SYNCHRONIZE access. It seems to be asking for
permission to arbitrarily mess with the client process, including reading
and writing to memory, creating and destroying threads and killing the
process outright. Assuming I was looking at the right call, of course.

There are other ways of finding out that the other end of the conversation
has died. Using named synchronisation objects or a protocol where the
client provides a handle for this purpose to the server created using
DuplicateHandle, for example.

On a secure system, just avoiding the local access protocol looks like the
best approach at the moment.

In any case, I think we agree.

Jan Mikkelsen