
Thread: Escalating Privileges

  1. #1
    manekineko Guest

    Escalating Privileges

    I'm asking in another thread how to set up my application to catch and handle mailto links clicked through a browser or elsewhere in the system.

    Presumably, whatever the answer is to that is going to require system level access, which would mean a UAC dialog pop up on Vista/Windows 7 or the equivalent on Linux and OSX. What's the best way to set up an application to request a privilege escalation?

    Overall, there's no reason for my email program to always be running as administrator, and in fact that'd obviously be a horrible idea. However, when a dialog box pops up asking whether the user wants to set it as the default email program, I'm guessing it would be necessary at that time to escalate privileges. How can this be done?

  2. #2
    Join Date
    Jan 2006
    Location
    Warsaw, Poland
    Posts
    33,373
    Qt products
    Qt3 Qt4 Qt5 Qt/Embedded
    Platforms
    Unix/X11 Windows Android Maemo/MeeGo
    Thanks
    4
    Thanked 5,019 Times in 4,795 Posts
    Wiki edits
    10

    Re: Escalating Privileges

    I think on Linux you have to deal with PolicyKit or some equivalent. And you can always use some IPC mechanism to communicate with a process that has the required privileges to fill the job for you.
    Your biological and technological distinctiveness will be added to our own. Resistance is futile.

    Please ask Qt related questions on the forum and not using private messages or visitor messages.


  3. The following user says thank you to wysota for this useful post:


  4. #3
    Join Date
    Sep 2009
    Location
    UK
    Posts
    2,447
    Qt products
    Qt4
    Platforms
    Windows
    Thanks
    6
    Thanked 348 Times in 333 Posts

    Re: Escalating Privileges

    Have you read the official documentation yet?

    http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

  5. The following user says thank you to squidge for this useful post:


  6. #4
    manekineko Guest


    Quote Originally Posted by fatjuicymole View Post
    Have you read the official documentation yet?

    http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx
    Well, that's for setting the start menu link, not the mailto handler, but I get your point.

    I was really hoping there would be a cross platform way to do these tasks, but it looks like for both of these I'm going to have to use a lot of #ifdefs and searching through platform specific documentation.

    Quote Originally Posted by wysota View Post
    I think on Linux you have to deal with PolicyKit or some equivalent. And you can always use some IPC mechanism to communicate with a process that has the required privileges to fill the job for you.
    When you say communicate with a process that has the required privileges, is this normally handled by having a second executable that is somehow marked as requiring privilege escalation that is called whenever escalation is needed to perform the escalated task?
    Last edited by wysota; 13th November 2009 at 11:17.

  7. #5

    Re: Escalating Privileges

    Quote Originally Posted by manekineko View Post
    When you say communicate with a process that has the required privileges, is this normally handled by having a second executable that is somehow marked as requiring privilege escalation that is called whenever escalation is needed to perform the escalated task?
    There has to be a process with required privileges (like running as root or some other user that has required rights) that you order to do some task for you. I think that is also how PolicyKit works. In Unix world there is no way to grant any rights to an already running process, you can only revoke them.


  8. The following user says thank you to wysota for this useful post:
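
The arrangement described in the post above, as an added example that is not part of the original thread: an unprivileged front end sends one request over a socketpair to a helper process, and the helper accepts only a fixed verb with a strictly validated argument. The names `handle_request`, `ask_helper` and the verb `SET_MAILTO_HANDLER` are hypothetical, the helper is forked without extra rights so the code runs as-is, and `SOCK_SEQPACKET` on `AF_UNIX` assumes Linux.

```cpp
// Added example: privilege-separated helper reached over a socketpair.
// Hypothetical names: handle_request, ask_helper, verb SET_MAILTO_HANDLER.
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cctype>
#include <string>

// Runs in the helper. The request comes from a less trusted process, so only
// one fixed verb is accepted and its argument is checked character by character.
std::string handle_request(const std::string& req) {
    const std::string verb = "SET_MAILTO_HANDLER ";
    if (req.compare(0, verb.size(), verb) != 0) return "ERR unknown verb";
    const std::string id = req.substr(verb.size());
    if (id.empty() || id.size() > 32) return "ERR bad length";
    for (unsigned char c : id)
        if (!std::islower(c) && !std::isdigit(c) && c != '-') return "ERR bad character";
    // A real helper would perform its single privileged write here.
    return "OK " + id;
}

// Runs in the unprivileged front end: start the helper, send one request,
// read one reply. In production the helper is started with the needed rights
// (for example through PolicyKit) instead of being forked from the caller.
std::string ask_helper(const std::string& req) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0) return "ERR socketpair";
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return "ERR fork"; }
    if (pid == 0) {                       // helper side
        close(sv[0]);
        char buf[256];
        ssize_t n = recv(sv[1], buf, sizeof buf, 0);
        std::string reply = n > 0 ? handle_request(std::string(buf, n)) : "ERR empty";
        send(sv[1], reply.data(), reply.size(), 0);
        _exit(0);
    }
    close(sv[1]);                         // front-end side
    send(sv[0], req.data(), req.size(), 0);
    char buf[256];
    ssize_t n = recv(sv[0], buf, sizeof buf, 0);
    close(sv[0]);
    waitpid(pid, nullptr, 0);
    return n > 0 ? std::string(buf, n) : "ERR no reply";
}
```

The helper never receives a command line or a path from the caller, so a compromised front end can ask for the one supported operation and nothing else.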


  9. #6

    Re: Escalating Privileges

    Quote Originally Posted by manekineko View Post
    Well, that's for setting the start menu link, not the mailto handler, but I get your point.
    Once you're in the start menu, you are registered as the default application. Therefore it will include the mailto: handler, as that just uses the default application.

  10. #7
    manekineko Guest

    Re: Escalating Privileges

    I've been peering at the Windows documentation out there, and I cannot believe how difficult it is to escalate within a program.

    It seems like I have two choices:
    1) Use COM objects (I don't even really know what those are) and somehow integrate them into my Qt program (if even possible), which can spawn a new process that's running at elevated privileges.
    2) Create a second Qt executable, and somehow (not sure if this is even possible) bundle a manifest file inside of it, or if that's not possible, sit a manifest file next to it in the same directory. This manifest file will mark the executable as requiring elevated privileges, and I'll call this second executable using a new QProcess.

    The first option sounds preferable, as it avoids detracting from the user experience by dumping unnecessary extra files all over the program directory, but it sounds much harder. The second option sounds real ugly, but it'll get the job done.

    Does this sound about right? Has anyone here ever actually made a Qt program compatible with UAC who can share how they did it with me?

    Thanks in advance.

  11. #8
    Join Date
    Mar 2009
    Location
    Brisbane, Australia
    Posts
    7,729
    Qt products
    Qt4 Qt5
    Platforms
    Unix/X11 Windows
    Thanks
    13
    Thanked 1,610 Times in 1,537 Posts
    Wiki edits
    17

    Re: Escalating Privileges

    Create a second QT executable, and somehow (not sure if this is even possible) bundle a manifest file inside of it, or if that's not possible, sit a manifest file next to it in the same directory. This manifest file will mark the executable as requiring elevated privileges, and I'll call this second executable using a new QProcess.
    I have some good news, and some not so good.
    • Yes, bundling a manifest requesting elevated privileges is possible. I do it for a program that grabs a hardware ID (Vista fakes the MAC address for user accounts).
    • Spawning the program requesting elevation is hit-and-miss.

    The second point needs explanation. In my testing the unprivileged program could launch the privileged one if the user was a Vista administrator and could obtain an admin credential. If the user is a Vista unprivileged user then the attempt to execute the executable that requests escalation would silently fail regardless of the fact that the user could manually run it and be prompted for escalation. I also found that it mattered which method you used to launch the app: shell execute vs CreateProcess (although I cannot remember which worked best). In the end I opted to direct the user to manually run the program.

    Another approach for you might be to install a Windows service running with elevated privileges and talk to that from user-land to have your will done. This is how many background update processes are done, I expect.

  12. The following user says thank you to ChrisW67 for this useful post:

