To understand what I'm asking, it's important to distinguish from among the several uses of SUID in Unix.
I have a project that uses an executable in the user's PATH which is owned by the project and which has the SUID bit set. In this way, when it runs, it runs in the context of the file's owner, not the calling user. This way, it has access to things that the user does not, and thereby these things are protected from the user by normal file system protections. This works reasonably well. Plans are to move the project to a client-server architecture but that's going to take some time. In the meantime, how can I replicate this type of behavior on Windows systems?
Note that the project's executables do not call the SETUID library call though, frankly, that would be a great feature to add, in my opinion, given what the project does. The project does not need system root privileges. Its first security concern is that it needs to protect its own files from the user (which is simply any user other than the file owner) and it would be very nice if it had the ability to switch to "user context" to access the file system as if it were the calling user. (In this way, it could more easily determine what is OK for the project to touch and what is not.)
The project is written in a combination of C and Java - a C program with SUID set calls the Java code...
I am keen to know all such mechanisms, and am especially focused on those which are:
If some solutions are superior, please share your thoughts on whatever you are aware of in this regard.
NOTES:
Cygwin has an excellent discussion on how they do this without requiring the user password here: Using Windows security in Cygwin
Basically they install a custom LSA authentication package that provides security tokens without requiring a password. As a fallback, when the authentication package is not installed, they use the undocumented NtCreateToken API.
An application wanting to impersonate could make a cygwin setuid call before calling java.
I don't think there's an equivalent of SETUID in Windows, but you can launch a process as another user. If you are using C, there are really only two major Windows-specific functions you'll need to look into:
LogonUser
CreateProcessAsUser
The docs for those functions are pretty good, so it shouldn't be that huge of a challenge. Basically, you'll use LogonUser to impersonate the user, then CreateProcessAsUser to launch the JVM as that user.
You could also look at the RUNAS command, but I'm not sure if that would meet your needs or not.
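The two halves of the SUID arrangement described in the question, files the calling user cannot read plus a helper that runs under a different identity, map onto a Windows DACL and a run-as launch. The following script is an added example, not code from either answer, from Cygwin, or from the project; the account name `projsvc`, the directory `C:\ProgramData\MyProject` and the helper `bin\helper.exe` are assumed placeholders. It is meant to be run once by the administrator who deploys the project, from an elevated PowerShell session.

```powershell
# Added example, not from the original post. Hypothetical names:
#   projsvc                      - dedicated local account that "owns" the project data
#   C:\ProgramData\MyProject     - the project's data directory
#   bin\helper.exe               - the executable that must run as projsvc
$ServiceAccount = 'projsvc'
$ProjectDir     = 'C:\ProgramData\MyProject'
$Helper         = Join-Path $ProjectDir 'bin\helper.exe'

# 1. Create the directory and fetch its current security descriptor.
New-Item -ItemType Directory -Path $ProjectDir -Force | Out-Null
$acl = Get-Acl -Path $ProjectDir

# 2. Stop inheriting ACEs from C:\ProgramData (which normally grants BUILTIN\Users
#    read access) and do not copy the inherited entries. After this the directory
#    has only the ACEs we add below; this is the Windows counterpart of the
#    owner-only permissions that make the Unix SUID scheme work.
$acl.SetAccessRuleProtection($true, $false)

# 3. Grant FullControl to the service account and to Administrators only,
#    inherited by every file and subdirectory created later.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
foreach ($identity in @($ServiceAccount, 'BUILTIN\Administrators')) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $ProjectDir -AclObject $acl

# 4. Verify: list the effective ACEs so a reviewer can confirm no ordinary-user
#    principal (BUILTIN\Users, Authenticated Users, Everyone) is present.
(Get-Acl -Path $ProjectDir).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 5. Launch the helper under the service account. Start-Process -Credential goes
#    through CreateProcessWithLogonW (the same path runas.exe uses), so the
#    password is prompted for here rather than stored in the binary.
$cred = Get-Credential -UserName $ServiceAccount -Message "Password for $ServiceAccount"
Start-Process -FilePath $Helper -Credential $cred -WorkingDirectory $ProjectDir -Wait
```

Two caveats a reviewer would raise. First, CreateProcessAsUser, which the answer above names, typically needs SE_INCREASE_QUOTA_NAME and, if the token is not assignable to the caller, SE_ASSIGNPRIMARYTOKEN_NAME; if it fails with ERROR_PRIVILEGE_NOT_HELD, CreateProcessWithLogonW is the documented fallback and needs no special privilege, only that the account may log on. Second, the identity switch on Unix is done by the kernel with no secret involved, whereas LogonUser needs the account's password: any credential embedded in the helper is readable by exactly the user the files are meant to be hidden from. That is why Cygwin resorts to an LSA authentication package, and why a service already running as the dedicated account (the client-server design mentioned in the question) is the robust Windows shape of this requirement.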