author | alexeypa@chromium.org <alexeypa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-26 04:33:52 +0000 |
---|---|---|
committer | alexeypa@chromium.org <alexeypa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-26 04:33:52 +0000 |
commit | 3ea38a8008900b4a6504e7e4f8c47e38c94c9ec6 (patch) | |
tree | 6e51ef99000514487a99abb36444ce8f749c77ab | |
parent | 8c67083771dd35498e832fa241aa3adb815b47e9 (diff) | |
Set a security descriptor allowing SYSTEM, built-in administrators and interactive users to call Chromoting Host Controller methods. This enables so-called "Over-The-Shoulder (OTS) Elevation". See http://msdn.microsoft.com/en-us/library/windows/desktop/ms679687(v=vs.85).aspx for details.
BUG=129477
Review URL: https://chromiumcodereview.appspot.com/10451005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139180 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | remoting/host/installer/chromoting.wxs | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/remoting/host/installer/chromoting.wxs b/remoting/host/installer/chromoting.wxs
index ef6b1b3..7f1ce86 100644
--- a/remoting/host/installer/chromoting.wxs
+++ b/remoting/host/installer/chromoting.wxs
@@ -25,6 +25,19 @@
 "ChromotingElevatedController.ElevatedController" ?>
 <?define ControllerTypelib = "{9d9a5a2c-576e-4acd-9c75-aabff74b205d}" ?>
+ <!--
+ The long hex value below is a security descriptor that allows SYSTEM,
+ built-in administrators and interactive users to call methods of a COM
+ object (COM_RIGHTS_EXECUTE and COM_RIGHTS_EXECUTE_LOCAL). The security
+ descriptor was generated from SDDL definition using the PowerShell script
+ below:
+
+ $sddl = "O:BAG:BAD:(A;;0x3;;;IU)(A;;0x3;;;SY)(A;;0x3;;;BA)"
+ $i = ([wmiclass]"Win32_SecurityDescriptorHelper").SDDLToBinarySD($sddl).BinarySD
+ -join ($i | foreach {$_.ToString("X2")})
+ -->
+ <?define ControllerSd = "010004805C0000006C00000000000000140000000200480003000000000014000300000001010000000000050400000000001400030000000101000000000005120000000000180003000000010200000000000520000000200200000102000000000005200000002002000001020000000000052000000020020000" ?>
+
 <?ifndef FileSource ?>
 <?error FileSource must be defined ?>
 <?endif?>
@@ -175,6 +188,9 @@
 <RegistryKey Key="$(var.ControllerAppid)" Action="create">
 <RegistryValue Type="string" Value="ChromotingElevatedController"/>
+ <RegistryValue Name="AccessPermission"
+ Type="binary"
+ Value="$(var.ControllerSd)"/>
 </RegistryKey>
 <RegistryKey Key="$(var.ControllerBinary)" Action="create"> |
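Review bot: The `ControllerSd` blob and the SDDL string in the comment above it are two hand-maintained copies of the same policy, and nothing in the hunk checks that they agree, so a later edit to one can silently change who may call the elevated controller. Decoding the current value does match the SDDL: three allow ACEs with mask 0x3 for S-1-5-4 (IU), S-1-5-18 (SY) and S-1-5-32-544 (BA), owner and group BA, and no COM_RIGHTS_EXECUTE_REMOTE bit. I would record that in the comment, e.g. `IU = S-1-5-4, SY = S-1-5-18, BA = S-1-5-32-544; mask 0x3 grants local calls only, no remote access`. The comment should also say that IU includes non-administrator users, so this descriptor on its own does not restrict calls to administrators.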
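Review bot: The added `AccessPermission` value is the point where COM stops filtering out interactive non-administrator callers, yet the `RegistryValue` carries no comment saying so and no `LaunchPermission` is set next to it. If launch is meant to fall back to the machine default, say so at the element, e.g. `<!-- Access only: interactive users may call the controller; LaunchPermission is left at the machine default. -->`. The enclosing component and the registry root of `$(var.ControllerAppid)` are outside the hunk, so it is worth confirming that the key is writable only by administrators, since whoever can rewrite this value controls the access check. The controller's methods (not visible here) should then treat their arguments as input from an unprivileged caller.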