SharkCagey / SharkCage


Over elevation when simulating UAC #119

Open bencikpeter opened 6 years ago

bencikpeter commented 6 years ago

I've been having a look at how the elevation prompt issue was resolved and found this:

https://github.com/SharkCagey/HTWG_shark_cage/blob/6e7da91cdcfdcc57d6324d8cc08021d76337bb5a/SharkCage/CageManager/CageManager.cpp#L212-L229

In my opinion this is a massive over-elevation of that process. An arbitrary process is being launched with a token having SeCreateTokenPrivilege, SeTcbPrivilege and with the context of LocalSystem. That alone grants basically unlimited control of the whole machine. (And who knows what else is in that token, since it is sampled from some system process.)

If we cannot fix it, I think it should be a point of discussion whether we want to do this and leave a big security hole, or disable running elevated processes in a cage for now.
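The check the comment above is asking for, written as an added example rather than SharkCage's own code: before a borrowed token is handed to CreateProcessAsUser, enumerate its privileges and its user SID, refuse it if it belongs to LocalSystem (S-1-5-18) or still carries machine-controlling privileges such as SeTcbPrivilege or SeCreateTokenPrivilege, and otherwise remove those privileges outright. The list in `kDangerousPrivileges`, the names `audit_privileges`, `read_token` and `strip_privileges`, and the choice to treat the LocalSystem SID as a hard failure are assumptions made for this example, not project policy. The policy function is platform independent so it compiles and can be tested anywhere; the Win32 parts are compiled only under `_WIN32`.

```cpp
#include <algorithm>
#include <set>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

// Privileges that on their own hand over the machine. This list is an
// assumption for the example, not a SharkCage policy.
static const std::set<std::wstring> kDangerousPrivileges = {
    L"SeCreateTokenPrivilege",        L"SeTcbPrivilege",
    L"SeAssignPrimaryTokenPrivilege", L"SeDebugPrivilege",
    L"SeImpersonatePrivilege",        L"SeLoadDriverPrivilege",
    L"SeBackupPrivilege",             L"SeRestorePrivilege",
    L"SeTakeOwnershipPrivilege",
};

struct TokenAudit {
    std::vector<std::wstring> dangerous;  // privileges that must not reach the caged process
    bool is_local_system = false;         // token user is LocalSystem (S-1-5-18)
    bool acceptable() const { return dangerous.empty() && !is_local_system; }
};

// Pure policy check, platform independent so it can be unit-tested offline.
TokenAudit audit_privileges(const std::vector<std::wstring>& privileges,
                            const std::wstring& user_sid) {
    TokenAudit audit;
    audit.is_local_system = (user_sid == L"S-1-5-18");
    for (const auto& p : privileges) {
        if (kDangerousPrivileges.count(p)) audit.dangerous.push_back(p);
    }
    std::sort(audit.dangerous.begin(), audit.dangerous.end());
    return audit;
}

#ifdef _WIN32
// Enumerate the privilege names and the user SID of a real token handle
// (needs TOKEN_QUERY access on the handle).
bool read_token(HANDLE token, std::vector<std::wstring>& privileges, std::wstring& user_sid) {
    DWORD len = 0;
    GetTokenInformation(token, TokenPrivileges, nullptr, 0, &len);
    std::vector<BYTE> buf(len);
    if (!GetTokenInformation(token, TokenPrivileges, buf.data(), len, &len)) return false;
    auto* tp = reinterpret_cast<TOKEN_PRIVILEGES*>(buf.data());
    for (DWORD i = 0; i < tp->PrivilegeCount; ++i) {
        wchar_t name[128];
        DWORD n = 128;
        if (LookupPrivilegeNameW(nullptr, &tp->Privileges[i].Luid, name, &n))
            privileges.emplace_back(name);
    }
    len = 0;
    GetTokenInformation(token, TokenUser, nullptr, 0, &len);
    std::vector<BYTE> ubuf(len);
    if (!GetTokenInformation(token, TokenUser, ubuf.data(), len, &len)) return false;
    LPWSTR sid_str = nullptr;
    if (!ConvertSidToStringSidW(reinterpret_cast<TOKEN_USER*>(ubuf.data())->User.Sid, &sid_str))
        return false;
    user_sid = sid_str;
    LocalFree(sid_str);
    return true;
}

// Remove (not merely disable) the flagged privileges, so the child process
// cannot re-enable them with AdjustTokenPrivileges later. The handle needs
// TOKEN_ADJUST_PRIVILEGES access.
bool strip_privileges(HANDLE token, const std::vector<std::wstring>& names) {
    for (const auto& name : names) {
        TOKEN_PRIVILEGES tp{};
        tp.PrivilegeCount = 1;
        if (!LookupPrivilegeValueW(nullptr, name.c_str(), &tp.Privileges[0].Luid)) return false;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_REMOVED;
        if (!AdjustTokenPrivileges(token, FALSE, &tp, sizeof(tp), nullptr, nullptr)) return false;
        if (GetLastError() != ERROR_SUCCESS) return false;  // e.g. ERROR_NOT_ALL_ASSIGNED
    }
    return true;
}
#endif

int main() {
    // Constructed sample: roughly what a token copied from a system process carries.
    std::vector<std::wstring> sample = {L"SeChangeNotifyPrivilege", L"SeTcbPrivilege",
                                        L"SeCreateTokenPrivilege"};
    TokenAudit audit = audit_privileges(sample, L"S-1-5-18");
    return audit.acceptable() ? 0 : 1;  // a launcher would refuse to start the process on 1
}
```

On Windows the intended flow is `read_token` on the token about to be passed to CreateProcessAsUser, `audit_privileges` on the result, and either `strip_privileges` for the flagged entries or an outright refusal when the user SID is LocalSystem, since stripping privileges does not change which account the process runs as.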

DonatJR commented 6 years ago

Yeah, from #105:

Solution 2: Check for this error and display our own elevation prompt, this is currently rudimentarily implemented (thoughts?)

I just used the same code as before the token was used at all. This can certainly be improved.

bencikpeter commented 6 years ago

@DonatJR Sorry, didn't see it there 😉