@SMOPEN and "Global\"

[vefatica]

@SMOPEN with "Global\" apparently only works in an elevated TCC. I Googled a few statements to the effect that this is expected behavior.

Once an elevated TCC opens (creates) Global shared memory, a non-elevated TCC cannot open it at all. Brief tests suggest that a non-elevated process can open it with OpenFileMapping(), but only for FILE_MAP_READ and that CreateFileMap() will fail to open it regardless of the flProtect flags.

 

[Steve Fabian]

For a computer used only as a personal computer (no other users; expecting to be as careful about mistakes and side effects as in the days of floppy disk only machines) is there a reason ever to run non-elevated? Are there actions that cannot be performed when elevated?

 

[vefatica]

For a computer used only as a personal computer (no other users; expecting to be as careful about mistakes and side effects as in the days of floppy disk only machines) is there a reason ever to run non-elevated? Are there actions that cannot be performed when elevated?

While I didn't like Win7's heightened security at first, I'm quite comfortable with it now. There's one big reason to run un-elevated. When a process is elevated, any process it starts runs elevated, and elevation gives a process free rein to do bad things. I suppose if you never use a browser or email and never install software you'd be pretty safe.

 

[vefatica]

FWIW, there's a long discussion about Global objects here (much about file mappings).

I also found by experimentation that if TCC running as SYSTEM (started by a service) creates "Global\" shared memory then, back in the real world, another TCC, running elevated, cannot access it. Maybe messing with ACLs at creation time would change that but it hardly seems worth the effort.