SAFER plug-in

From NSIS Wiki
Jump to navigationJump to search
Author: Anders (talk, contrib)


Note: The Windows SAFER API was never integrated with UAC integrity levels. This plug-in is not sufficient to create a sandbox on Vista and later.


Links

SAFER.zip (3 KB)

Description

Version: 0.1 - 20061222
Supported on: Win XP/Vista (SAFER::SupportsSAFER call supported on all 32 bit versions)

The SAFER plugin uses the SAFER API to create a new process with a restricted token. Based on code/info from MSDN

Supported levels are:

SAFER_LEVELID_CONSTRAINED
SAFER_LEVELID_UNTRUSTED
SAFER_LEVELID_NORMALUSER


Usage Example

# Check for SAFER api support (this call should be supported on any NT system,
# but not Win9x so check for that before you call this dll (Links directly to CreateProcessAsUser)
  SAFER::SupportsSAFER 
# $0 now contains 1 if SAFER is supported or 0 if not  
 
#Start calculater with SAFER_LEVELID_CONSTRAINED
SAFER::Exec CONSTRAINED "calc.exe"

Credits

Written by Anders (For fun and profit?)