Hi

> Can you have a quick chat with Antranig and/or Brendan to refresh
> ourselves on what the best approach for securing a conversation between the
> lower-privileged GPII process and a higher-privileged IoD client process?
> We've talked about this a few times in the past.
>   - Colin x

Yes,

(this on the client)

Background:

The original requirement is storing a secret on the computer that the user
(Joe Public) can't access, but GPII can (there is also another requirement
of GPII needing to do Admin-level tasks).

Bear in mind that GPII runs as the local user, and will have the same
access permissions as the user. So, it needs to be another process. This
process can't be started by GPII because to run as another user on Windows
you need the password - you can't store it without the user also seeing it,
and Windows doesn't have setuid.

We now have a privileged process (a Service, started by the OS) which can,
to some extent, be controlled by GPII. Whichever method GPII uses to
connect to this service, another process can use.

The solution:

The Service opens a pipe, connects to both ends, and spawns GPII as a normal
user, which inherits one end of the pipe (like stdin/out). The service knows
it's talking to GPII (rather than another process) because:

1. It opened the client end of the pipe itself.
2. It started GPII itself.

More info: https://issues.gpii.net/browse/GPII-2399 (the answer is at the
bottom)

The implementation:
https://github.com/stegru/windows/blob/GPII-2338/service/src/gpii-ipc.js
(not reviewed)

How does this fit in with IoD?
(I admit, I've only just started to think about this)

1. The GPII Service and IoD Service are both running as Administrator
(actually, higher).
2. Windows starts these, GPII Service starts GPII App as above.
3a. GPII Service and IoD Service can establish a connection using (for
example) a shared secret that the desktop user can't see.
4a. GPII App has the urge for IoD, so asks the GPII Service to ask the IoD
Service to install something.
OR
3b. GPII Service can provide a shared secret to IoD Service and GPII App.
4b. GPII App can speak directly to IoD Service, using the shared secret.


Steve.
_______________________________________________
Architecture mailing list
https://lists.gpii.net/mailman/listinfo/architecture