[Bug] Drag-and-drop and logged-in users

Started by fixer, July 19, 2017, 08:07:24 PM

fixer

Yet another logged-in users bug, but who counts, right? And now it's drag-and-drop. Dragging and dropping for example from explorer to isolated (and I don't mean ReHIPS isolated here, actually any program running from a user other than logged-in user) program or back may fail. OLE access rights come into play here as drag-and-drop is based on OLE via RPC. When access is checked, descriptor is read from DefaultAccessPermission from HKLM\SOFTWARE\Microsoft\OLE registry key. If it's not there, D:(A;;CCDCLC;;;PS)(A;;CCDC;;;SY)(A;;CCDCLC;;;BA)(A;;CCDC;;;AC) is taken by default. And it means explorer and the isolated program are isolated both-ways from each other. Of course it's possible to change the descriptor in the registry. But personally I don't think it's a good idea, their interaction is too close and too opaque to allow it as who knows how many security holes it may open in this poorly documented mechanism.

This issue was found several months ago, it wasn't fixed then. I haven't checked it since, but I suspect it to remain broken for many years to come.
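
Added example, not part of the original post: a small Python decoder for the default descriptor quoted above, using the COM meaning of the SDDL right tokens, plus a simplified access walk that shows why a caller under a different account gets no local call access. The function names and the caller model are assumptions: the caller's enabled SIDs are passed as SDDL aliases, and PS is modelled as matching only a caller that runs under the same account as the process being called.

```python
import re

# The default descriptor quoted in the post above.
DEFAULT_SDDL = "D:(A;;CCDCLC;;;PS)(A;;CCDC;;;SY)(A;;CCDCLC;;;BA)(A;;CCDC;;;AC)"

# How COM reads the SDDL right tokens in an access-permission descriptor.
COM_RIGHTS = {"CC": 0x01,  # COM_RIGHTS_EXECUTE
              "DC": 0x02,  # COM_RIGHTS_EXECUTE_LOCAL
              "LC": 0x04,  # COM_RIGHTS_EXECUTE_REMOTE
              "SW": 0x08,  # COM_RIGHTS_ACTIVATE_LOCAL
              "RP": 0x10}  # COM_RIGHTS_ACTIVATE_REMOTE
TRUSTEES = {"PS": "Principal Self", "SY": "Local System",
            "BA": "Built-in Administrators", "AC": "All Application Packages"}
LOCAL_CALL = COM_RIGHTS["CC"] | COM_RIGHTS["DC"]


def parse_dacl(sddl):
    """Return [(ace_type, rights_mask, trustee_alias), ...] for the D: part.
    Only two-letter right tokens are decoded (hex masks are not handled)."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL in descriptor")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("unsupported ACE: " + body)
        mask = 0
        for token in re.findall(r"[A-Z]{2}", fields[2]):
            mask |= COM_RIGHTS[token]
        aces.append((fields[0], mask, fields[5]))
    return aces


def local_call_allowed(sddl, caller_aliases):
    """Simplified access walk: ACEs in order, for a caller whose enabled
    SIDs are given as SDDL aliases (hypothetical model input)."""
    granted = 0
    for ace_type, mask, trustee in parse_dacl(sddl):
        if trustee not in caller_aliases:
            continue
        if ace_type == "D" and mask & LOCAL_CALL & ~granted:
            return False
        if ace_type == "A":
            granted |= mask
    return (granted & LOCAL_CALL) == LOCAL_CALL


if __name__ == "__main__":
    for ace_type, mask, trustee in parse_dacl(DEFAULT_SDDL):
        print(ace_type, hex(mask), TRUSTEES.get(trustee, trustee))
    print("same account as target:", local_call_allowed(DEFAULT_SDDL, {"PS"}))
    print("different non-admin account:", local_call_allowed(DEFAULT_SDDL, set()))
```

Running the same decoder over a value exported from DefaultAccessPermission, after converting it to SDDL, is a quick way to audit whether someone has widened the descriptor beyond these four trustees.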