Reputation: 93
I'm trying to create a MemoryMappedFile on a medium-integrity process, then open the same file on a low-integrity child process and use this shared memory for IPC. There's no real disk file (using MemoryMappedFile.CreateNew).
My problem is that the low-integrity process cannot open the shared memory, throwing this: "System.UnauthorizedAccessException: Access to the path is denied.". I'm not surprised that this is the case, given that I want write access from the low-integrity process, but how do you grant it access?
Here's my code:
Medium integrity process:
MemoryMappedFileSecurity security = new MemoryMappedFileSecurity();
var file = MemoryMappedFile.CreateNew("test", 4096, MemoryMappedFileAccess.ReadWrite, MemoryMappedFileOptions.None, security, HandleInheritability.Inheritable);
var view = file.CreateViewAccessor();
view.Write(0, true);
Low integrity process:
try
{
    MemoryMappedFile file = MemoryMappedFile.OpenExisting("test", MemoryMappedFileRights.ReadWrite);
    var view = file.CreateViewAccessor();
    var v = view.ReadBoolean(0);
    Log.Info("MAPPED: " + v);
}
catch (Exception e)
{
    Log.Info("Error: " + e);
}
Works fine if both processes work in medium integrity. After reading this, I tried setting the SDDL string on the medium integrity process like this:
security.SetSecurityDescriptorSddlForm("S:(ML;;NW;;;LW)");
But that gives me another exception, this time when the memory mapped file is created: "System.IO.IOException: A required privilege is not held by the client.". Not really sure this is the right way to do it anyway, I'm not really clear on how the Win32/C++ examples translate to C#...
Anyone know anything more about this?
Upvotes: 1
Views: 1645
Reputation: 93
Okay, got a working solution. There were two problems:
Passing an empty MemoryMappedFileSecurity object to MemoryMappedFile.CreateNew() made the mapped memory inaccessible even to the same process. That explained my error in my comment ("System.UnauthorizedAccessException: Access to the path is denied").
I couldn't actually get security.SetSecurityDescriptorSddlForm to work (and even though Google reveals several other attempts at this, none of them worked for me). Instead, I used this solution: https://stackoverflow.com/a/14424623/5105846. As far as I can tell, it does the same thing, but using PInvoke instead. So I just called InterProcessSecurity.SetLowIntegrityLevel(file.SafeMemoryMappedFileHandle), and it made it accessible from the low-integrity child process. Success!
Not the perfect solution, but a working one is all I need for now. Thanks Harry for your help!
Upvotes: 2