SAFER plug-in: Difference between revisions

From NSIS Wiki
Jump to navigationJump to search
m (Fixed link (Damn you MSDN))
(Added Vista note)
Line 1: Line 1:
{{PageAuthor|Anders}}
{{PageAuthor|Anders}}
<div style="border: 1px solid #707020; background-color:#fafa70; color:#202010; padding:0.3em;"><font size="-1"><b>Note:</b></font> The Windows SAFER API was never integrated with UAC integrity levels. This plug-in is not sufficient to create a sandbox on Vista and later.</div>


== Links ==
== Links ==
Line 8: Line 11:
'''Supported on:''' Win XP/Vista (SAFER::SupportsSAFER call supported on all 32 bit versions)
'''Supported on:''' Win XP/Vista (SAFER::SupportsSAFER call supported on all 32 bit versions)


The SAFER plugin uses the SAFER api to create a new process with a restricted token.
The SAFER plugin uses the [http://docs.microsoft.com/en-us/windows/win32/secmgmt/management-functions#safer-functions SAFER API] to create a new process with a restricted token.
Based on code/info from <!-- http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp -->[http://web.archive.org/web/20070301182208/http://msdn2.microsoft.com/en-us/library/ms972827.aspx MSDN]
Based on code/info from <!-- http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp -->[http://web.archive.org/web/20070301182208/http://msdn2.microsoft.com/en-us/library/ms972827.aspx MSDN]



Revision as of 16:26, 4 September 2019

Author: Anders (talk, contrib)


Note: The Windows SAFER API was never integrated with UAC integrity levels. This plug-in is not sufficient to create a sandbox on Vista and later.


Links

SAFER.zip (3 KB)

Description

Version: 0.1 - 20061222
Supported on: Win XP/Vista (SAFER::SupportsSAFER call supported on all 32 bit versions)

The SAFER plugin uses the SAFER API to create a new process with a restricted token. Based on code/info from MSDN

Supported levels are:

SAFER_LEVELID_CONSTRAINED
SAFER_LEVELID_UNTRUSTED
SAFER_LEVELID_NORMALUSER


Usage Example

# Check for SAFER api support (this call should be supported on any NT system,
# but not Win9x so check for that before you call this dll (Links directly to CreateProcessAsUser)
  SAFER::SupportsSAFER 
# $0 now contains 1 if SAFER is supported or 0 if not  
 
#Start calculater with SAFER_LEVELID_CONSTRAINED
SAFER::Exec CONSTRAINED "calc.exe"

Credits

Written by Anders (For fun and profit?)