Working with dll i got into a situation where loading a dll can cause security threat.
lets say for example when you load a DLL, it gets same access privilege as the calling process.
So if calling process is running with Admin privilege the loaded dll gets the elevated privilege of admin. Which could be a threat to system.

So is there any way of specifying at the time of loading a dll about the priviliges.
OR How can we load a DLL with lower privileges level.

Edited by tajendra: n/a

6 Years
Discussion Span
Last Post by vijayan121

Well, the DLL code will have complete access to the address space of the process.
Access to external resources (files etc) can be restricted by loading it into a sandbox.

Get an impersonation token with limited access rights/privileges

In a thread of your process, impersonate the user with limited access

Load the library, make all library function calls and unload the library from threads with impersonation turned on.

Caveat: I know nothing (absolutely nothing) about any Windows OS after XP; the above may or may not apply to Vista and the like.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.