Printable View
Logged in user SID, not 'user token SID' whatever it is. And regarding 'do they?', I believe the answer is quite apparent. Yes, they do. Do load user's hive under textual SID name. I'm not sure what do you mean by 'security breach', but the key access is granted for SYSTEM, Administrators and user himself. Nobody else. Do you see any problem with security here?Quote:
So do they [at Microsoft] name registry keys with those text versions of user token SIDs?
Yes, I thought Microsoft were striving to achieve user account isolation with each new release of Windows. In this case, an unprivileged process can obtain a path to another user account (like your code has illustrated). And that's what I meant by a security breach. Before you posted your code I was about to reply that I was unable to find a solution to something that is impossible, but you beat me to it... Your approach was very cool though.Quote:
Originally Posted by Igor Vartanov
Sorry, but I still don't get it. Do you or don't you see a problem when user's hive is accessible for SYSTEM and Administrators? Are those 'unprivileged' or not in your vision of ideal security?