I'm writing something like this. Currently I'm running user processes with CreateProcess calls. I kill the process if it goes on longer, the duration of the specified time but I do not know how to refuse to read / write / process the process of file system rights etc. The given execution can really be anything and I only have stdin / stdout permission. Apart from this, it would be great if I could turn on the memory set.
I read many articles like MSDN, such as Etc. But I am confused very fast (probably because my Win32 knowledge is extremely limited). Is it enough to call CreateProcessAsUser only and create special users with those limited privileges (and how to create such a user)
I hope that I can get it in a function call with the correct function so please help.
In addition, if you know something similar open source project then it would be great.
Thank you.
=========================================== ===============
EDIT: Hi again :) I'm still stuck with this. I did not have enough time to work on this, but I think the snemarch post is very useful. If a box is out of solution then it would be great if I do something with the snatch link, then I will post. Take a look at
and - this allows you to tune (to some extent) the process. You can use some standard rights such as SAFER_LEVELID_UNTRUSTED .
Comments
Post a Comment