2

I would like to call `Process.Start` as a user with limited privileges, because the program being run may contain malicious code. I think `Everyone` would be the right one to try first, and I think that it does not have any associated password.

However the following code will complain about incorrect username or password (of course the username does exist, so looks like it's about the password):

```csharp
using System;
using System.Diagnostics;

var startInfo = new ProcessStartInfo("some_exe");
startInfo.WorkingDirectory = Environment.CurrentDirectory;
startInfo.UserName = "Everyone";
startInfo.Domain = "mydomain";
startInfo.UseShellExecute = false;
Process.Start(startInfo);
```

If this is not possible, I have to somehow dynamically create a user account with limited privileges and a full username/password to use for `Process.Start`.

In .NET Core, we cannot use `AppDomain` to create a sandbox; the only recommended approach here is to try branching another process with lesser/limited privileges.

Hopeless
  • The SID `Everyone` is not a user, it's a special sid (a bit like a group). So you can't use it to "run as". You need to create a user specifically for that purpose. – Ben Mar 19 '19 at 09:00

2 Answers

2

The SID Everyone is not a user, it's a special system SID (a bit like a group). So you can't use it to "run as".

You need to create a user specifically for that purpose.

Ben
  • Thank you, this does make sense, so I will go ahead with using a specific user account instead. If you have some solution to dynamically create such a user (with as little privilege as possible), that would be appreciated. – Hopeless Mar 19 '19 at 09:06
1

You should specify the domain name as well, or the user name in UPN format, `user@DNS_domain_name`, according to MSDN. Also, `WorkingDirectory` must be set.

Pavel Anikhouski
  • sorry that I did not add some missing code. Actually without `domain` provided, the error message is different (something like `bad data received`). I've also tried providing the `WorkingDirectory` as updated. – Hopeless Mar 19 '19 at 09:00
  • @Hopeless the problem was already answered, you can't use `Everyone`. [There](https://stackoverflow.com/questions/3729406/create-local-user-account) is a thread on how to create a local user account – Pavel Anikhouski Mar 19 '19 at 09:10
  • your link about `create a local user account` seems to target .NET, but here my code targets .NET core. – Hopeless Mar 19 '19 at 09:32
  • @Hopeless you should use .NET platform extensions to get these API available in .net core – Pavel Anikhouski Mar 19 '19 at 09:41
  • thank you for your suggestion, I've not known of any equivalent extensions which can be referenced in .NET core project using nuget except one package named `System.IO.FileSystem.AccessControl` but its purpose is different (dealing with files rather than with user account). – Hopeless Mar 19 '19 at 10:08
  • 1
    @Hopeless You need reference to `System.DirectoryServices.AccountManagement`. It's a part of [this](https://www.nuget.org/packages/Microsoft.Windows.Compatibility) package. [This](https://msdn.microsoft.com/en-us/magazine/mt814807.aspx) article explains a little bit about compatibility – Pavel Anikhouski Mar 19 '19 at 10:17
  • Thank you for that link, it's really helpful. However, creating a new user account is not the only issue. Actually I've just tried in .NET first to see if the program run by `Process.Start` can be constrained by the associated user account. But looks like it's not :( I'm going to add a new question for this new strange issue. – Hopeless Mar 19 '19 at 10:29
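
The approach the answers describe (a dedicated local account instead of `Everyone`, created through `System.DirectoryServices.AccountManagement` and then passed to `Process.Start`), as an added example that is not code from the thread. The account name `sandbox_runner`, the directory `C:\Sandbox` and the password suffix are assumptions; it must run elevated on Windows.

```csharp
// Added example, not from the thread. Windows only; creating accounts requires elevation.
// On .NET Core, reference the Microsoft.Windows.Compatibility package.
using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;
using System.Security;
using System.Security.Cryptography;

static class LowPrivRunner
{
    const string AccountName = "sandbox_runner";   // hypothetical account name
    const string BuiltinUsersSid = "S-1-5-32-545"; // well-known SID of BUILTIN\Users

    static void Main()
    {
        // Random throwaway password; the suffix is an assumption to satisfy complexity policy.
        var bytes = new byte[24];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string password = Convert.ToBase64String(bytes) + "aA1!";

        using (var ctx = new PrincipalContext(ContextType.Machine))
        {
            // Reuse the account if it already exists, otherwise create it.
            var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, AccountName)
                       ?? new UserPrincipal(ctx) { SamAccountName = AccountName };
            user.UserCannotChangePassword = true;
            user.SetPassword(password);
            user.Enabled = true;
            user.Save();

            // BUILTIN\Users only: normally what grants the local logon right; never Administrators.
            using (var users = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, BuiltinUsersSid))
                if (!user.IsMemberOf(users)) { users.Members.Add(user); users.Save(); }
        }

        var secure = new SecureString();
        foreach (char c in password) secure.AppendChar(c);

        var startInfo = new ProcessStartInfo("some_exe")
        {
            UserName = AccountName,
            Domain = Environment.MachineName,   // local account: the machine name is the domain
            Password = secure,
            UseShellExecute = false,            // required when credentials are supplied
            WorkingDirectory = @"C:\Sandbox",   // hypothetical directory the account can read
        };
        using (var p = Process.Start(startInfo)) p.WaitForExit();
    }
}
```

A separate account restricts the child process only through ACLs and group membership, so anything readable by `Users` or `Everyone` stays readable to it.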