| Subject | Re: [IB-Architect] Running as a normal user on NT. |
|---|---|
| Author | Jan Mikkelsen |
| Post date | 2000-04-27T02:58:58Z |
rfm@... wrote:
views of files, which I didn't try to analyze.
permission to arbitrarily mess with the client process, including reading
and writing to memory, creating and destroying threads and killing the
process outright. Assuming I was looking at the right call, of course.
There are other ways of finding out that the other end of the conversation
has died. Using named synchronisation objects or a protocol where the
client provides a handle for this purpose to the server created using
DuplicateHandle, for example.
On a secure system, just avoiding the local access protocol looks like the
best approach at the moment.
In any case, I think we agree.
Jan Mikkelsen
janm@...
>The current local access system uses a memory mapped file andThat makes sense. There are later calls creating semaphores and mapping
>syncronization objects for communication between client and server.
views of files, which I didn't try to analyze.
>> This doesn't solve the problem of OpenProcess(PROCESS_ALL_ACCESS, TRUE,To do that it only needs SYNCHRONIZE access. It seems to be asking for
>> pid). It looks to me like the whole local access protocol should be
>> revisited.
>>
>???
>I suspect that the open process is so that the server will notice
>when the client dies. (although I could be wrong).
permission to arbitrarily mess with the client process, including reading
and writing to memory, creating and destroying threads and killing the
process outright. Assuming I was looking at the right call, of course.
There are other ways of finding out that the other end of the conversation
has died. Using named synchronisation objects or a protocol where the
client provides a handle for this purpose to the server created using
DuplicateHandle, for example.
On a secure system, just avoiding the local access protocol looks like the
best approach at the moment.
In any case, I think we agree.
Jan Mikkelsen
janm@...