4858bb5899
To quote MSDN documentation:
> The lpApplicationName parameter can be NULL, in which case the executable
> name must be the first white space–delimited string in lpCommandLine. If
> the executable or path name has a space in it, there is a risk that a
> different executable could be run because of the way the function parses
> spaces. The following example is dangerous because the function will
> attempt to run "Program.exe", if it exists, instead of "MyApp.exe".
>
> LPTSTR szCmdline[] = _tcsdup(TEXT("C:\\Program Files\\MyApp"));
> CreateProcessAsUser(hToken, NULL, szCmdline, /*...*/ );
>
> If a malicious user were to create an application called "Program.exe" on
> a system, any program that incorrectly calls CreateProcessAsUser using the
> Program Files directory will run this application instead of the intended
> application.
>
> To avoid this problem, do not pass NULL for lpApplicationName.
So instead, we pass the executable to lpApplicationName instead, which avoids
the issue. MSDN says:
> The lpCommandLine parameter can be NULL. In that case, the function uses
> the string pointed to by lpApplicationName as the command line.
This also avoids the strdup since lpApplicationName is LPCSTR unlike
lpCommandLine which is LPSTR.
Looking Glass
An extremely low latency KVMFR (KVM FrameRelay) implementation for guests with VGA PCI Passthrough.
- Project Website: https://looking-glass.io
- Getting Started: https://looking-glass.io/wiki/Installation
Donations
I (Geoffrey McRae) am the primary developer behind this project and I have invested thousands of hours of development time into it.
If you like this project and find it useful and would like to help out you can support me directly using the following platforms.
Documentation
** IMPORTANT ** This project contains submodules that must be checked out if building from the git repository! If you are not a developer and just want to compile Looking Glass please download the source archive from the website instead:
https://looking-glass.io/downloads
Please also be sure to see the following files for more information
Note: The README.md files are slowly being deprecated from this project in
favor of the wiki at https://looking-glass.io/wiki, and as such the
information in these files may be dated.
Latest Version
If you would like to use the latest bleeding edge version of Looking Glass please be aware there will be no support at this time.
Latest bleeding edge builds of the Windows host application can be obtained from:
https://looking-glass.io/downloads
Help and support
Web
https://forum.level1techs.com/t/looking-glass-triage/130952
Discord
IRC
Join us in the #LookingGlass channel on the FreeNode network