subject:"Re\: \[Interest\] A QThread question..."

Re: [Interest] A QThread question...

2015-10-23 Thread NoMercy

Well, I've tried but it doesn't work even though there is no errors, you
can not get data from user space (in this case I'm trying to get user
screen) :(



On Thu, Oct 22, 2015 at 9:14 AM, Koehne Kai <kai.koe...@theqtcompany.com>
wrote:

>
>
> > -Original Message-
> > From: interest-bounces+kai.koehne=theqtcompany@qt-project.org
> > [mailto:interest-bounces+kai.koehne=theqtcompany@qt-project.org] On
> > Behalf Of Constantin Makshin
> > Sent: Thursday, October 22, 2015 7:13 AM
> > To: Qt Interest <interest@qt-project.org>
> > Subject: Re: [Interest] A QThread question...
> >
> > The idea to run different portions of the same process as different
> users not only
> > looks weird, but is also [very] bad from security point of view — no
> matter how
> > many threads you create, they still run in the same address space so
> nothing will
> > stop one user-thread from accidentally or intentionally accessing
> another user-
> > thread's data.
>
> Sure you've to be careful, but still it's an accepted pattern on Windows.
> See e.g.
> https://msdn.microsoft.com/en-us/library/windows/desktop/aa376391%28v=vs.85%29.aspx
> .
>
> Regards
>
> Kai
>
> > On 10/21/2015 02:25 PM, NoMercy wrote:
> > > Thanks for all your replies,
> > >
> > > Currently it works like this;
> > > the service uses "CreateProcessAsUser" to runs an other process in the
> > > user session and it handles all the stuff. It was ok until now since
> > > the target systems were only single-user environments.
> > >
> > > but since we are trying to switch to multiuser environment, every new
> > > user process means a new port and stuff and more complications but if
> > > I can manage do it all from the service, it'll make a lot more sense.
> > > I just need to know if it would work reliably.
> > > I'll make some short tests today if it works in the first place but to
> > > test if it reliably runs for as long as system runs is an other matter.
> > >
> > > Thanks again for all your replies.
> > > Cheers,
> > > Emre
> > >
> > > On Wed, Oct 21, 2015 at 1:28 PM, alexander golks <a...@golks.de
> > > <mailto:a...@golks.de>> wrote:
> > >
> > > Am Wed, 21 Oct 2015 12:19:20 +0200
> > > schrieb André Somers <an...@familiesomers.nl
> > > <mailto:an...@familiesomers.nl>>:
> > >
> > > > Op 21-10-2015 om 11:48 schreef NoMercy:
> > > > > Hello everyone and thanks for you replies,
> > > > >
> > > > > I've a rather advaced question about QThreads (well advanced
> to my
> > > > > knowledge anyways)
> > > > >
> > > > > I have a Windows service that runs under System user
> (naturally) but I
> > > > > want to create and run a thread from within that service and
> change
> > > > > the token of that thread so it runs in user evironment.
> > > > >
> > > > My main question is: why? Why do you want to have a single
> process run
> > > > code as different users? To me, it feels like a hack.
> > > >
> > > > André
> > > >
> > > > ___
> > > > Interest mailing list
> > > > Interest@qt-project.org <mailto:Interest@qt-project.org>
> > > > http://lists.qt-project.org/mailman/listinfo/interest
> > >
> > > why not simply set correct user/password for this user and let
> > > windows do it for you?
> > >
> > > --
> > > /*
> > >  *"I'm not at all sure this helps you, but as you say there is
> > > nothing to be found about the problem except in czech and my
> attempt
> > > att "babelfishing" failed miserably"
> > >  *
> > >  *Husse Jul 30 2007
> > >  */
>
> ___
> Interest mailing list
> Interest@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/interest
>
___
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

Re: [Interest] A QThread question...

2015-10-22 Thread Koehne Kai



> -Original Message-
> From: interest-bounces+kai.koehne=theqtcompany@qt-project.org
> [mailto:interest-bounces+kai.koehne=theqtcompany@qt-project.org] On
> Behalf Of Constantin Makshin
> Sent: Thursday, October 22, 2015 7:13 AM
> To: Qt Interest <interest@qt-project.org>
> Subject: Re: [Interest] A QThread question...
> 
> The idea to run different portions of the same process as different users not 
> only
> looks weird, but is also [very] bad from security point of view — no matter 
> how
> many threads you create, they still run in the same address space so nothing 
> will
> stop one user-thread from accidentally or intentionally accessing another 
> user-
> thread's data.

Sure you've to be careful, but still it's an accepted pattern on Windows. See 
e.g.  
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376391%28v=vs.85%29.aspx
 .

Regards

Kai

> On 10/21/2015 02:25 PM, NoMercy wrote:
> > Thanks for all your replies,
> >
> > Currently it works like this;
> > the service uses "CreateProcessAsUser" to runs an other process in the
> > user session and it handles all the stuff. It was ok until now since
> > the target systems were only single-user environments.
> >
> > but since we are trying to switch to multiuser environment, every new
> > user process means a new port and stuff and more complications but if
> > I can manage do it all from the service, it'll make a lot more sense.
> > I just need to know if it would work reliably.
> > I'll make some short tests today if it works in the first place but to
> > test if it reliably runs for as long as system runs is an other matter.
> >
> > Thanks again for all your replies.
> > Cheers,
> > Emre
> >
> > On Wed, Oct 21, 2015 at 1:28 PM, alexander golks <a...@golks.de
> > <mailto:a...@golks.de>> wrote:
> >
> > Am Wed, 21 Oct 2015 12:19:20 +0200
> > schrieb André Somers <an...@familiesomers.nl
> > <mailto:an...@familiesomers.nl>>:
> >
> > > Op 21-10-2015 om 11:48 schreef NoMercy:
> > > > Hello everyone and thanks for you replies,
> > > >
> > > > I've a rather advaced question about QThreads (well advanced to my
> > > > knowledge anyways)
> > > >
> > > > I have a Windows service that runs under System user (naturally) 
> > but I
> > > > want to create and run a thread from within that service and change
> > > > the token of that thread so it runs in user evironment.
> > > >
> > > My main question is: why? Why do you want to have a single process run
> > > code as different users? To me, it feels like a hack.
> > >
> > > André
> > >
> > > ___
> > > Interest mailing list
> > > Interest@qt-project.org <mailto:Interest@qt-project.org>
> > > http://lists.qt-project.org/mailman/listinfo/interest
> >
> > why not simply set correct user/password for this user and let
> > windows do it for you?
> >
> > --
> > /*
> >  *"I'm not at all sure this helps you, but as you say there is
> > nothing to be found about the problem except in czech and my attempt
> > att "babelfishing" failed miserably"
> >  *
> >  *Husse Jul 30 2007
> >  */

___
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

Re: [Interest] A QThread question...

2015-10-21 Thread Constantin Makshin

The idea to run different portions of the same process as different
users not only looks weird, but is also [very] bad from security point
of view — no matter how many threads you create, they still run in the
same address space so nothing will stop one user-thread from
accidentally or intentionally accessing another user-thread's data.

On 10/21/2015 02:25 PM, NoMercy wrote:
> Thanks for all your replies,
> 
> Currently it works like this;
> the service uses "CreateProcessAsUser" to runs an other process in the
> user session and it handles all the stuff. It was ok until now since the
> target systems were only single-user environments.
> 
> but since we are trying to switch to multiuser environment, every new
> user process means a new port and stuff and more complications but if I
> can manage do it all from the service, it'll make a lot more sense.
> I just need to know if it would work reliably.
> I'll make some short tests today if it works in the first place but to
> test if it reliably runs for as long as system runs is an other matter.
> 
> Thanks again for all your replies.
> Cheers,
> Emre
> 
> On Wed, Oct 21, 2015 at 1:28 PM, alexander golks  > wrote:
> 
> Am Wed, 21 Oct 2015 12:19:20 +0200
> schrieb André Somers  >:
> 
> > Op 21-10-2015 om 11:48 schreef NoMercy:
> > > Hello everyone and thanks for you replies,
> > >
> > > I've a rather advaced question about QThreads (well advanced to my
> > > knowledge anyways)
> > >
> > > I have a Windows service that runs under System user (naturally) but I
> > > want to create and run a thread from within that service and change
> > > the token of that thread so it runs in user evironment.
> > >
> > My main question is: why? Why do you want to have a single process run
> > code as different users? To me, it feels like a hack.
> >
> > André
> >
> > ___
> > Interest mailing list
> > Interest@qt-project.org 
> > http://lists.qt-project.org/mailman/listinfo/interest
> 
> why not simply set correct user/password for this user and let
> windows do it for you?
> 
> --
> /*
>  *"I'm not at all sure this helps you, but as you say there is
> nothing to be found about the problem except in czech and my attempt
> att "babelfishing" failed miserably"
>  *
>  *Husse Jul 30 2007
>  */



signature.asc
Description: OpenPGP digital signature
___
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

Re: [Interest] A QThread question...

2015-10-21 Thread André Somers

Op 21-10-2015 om 11:48 schreef NoMercy:
> Hello everyone and thanks for you replies,
>
> I've a rather advaced question about QThreads (well advanced to my 
> knowledge anyways)
>
> I have a Windows service that runs under System user (naturally) but I 
> want to create and run a thread from within that service and change 
> the token of that thread so it runs in user evironment.
>
My main question is: why? Why do you want to have a single process run 
code as different users? To me, it feels like a hack.

André

___
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

Re: [Interest] A QThread question...

2015-10-21 Thread alexander golks

Am Wed, 21 Oct 2015 12:19:20 +0200
schrieb André Somers :

> Op 21-10-2015 om 11:48 schreef NoMercy:
> > Hello everyone and thanks for you replies,
> >
> > I've a rather advaced question about QThreads (well advanced to my 
> > knowledge anyways)
> >
> > I have a Windows service that runs under System user (naturally) but I 
> > want to create and run a thread from within that service and change 
> > the token of that thread so it runs in user evironment.
> >
> My main question is: why? Why do you want to have a single process run 
> code as different users? To me, it feels like a hack.
> 
> André
> 
> ___
> Interest mailing list
> Interest@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/interest

why not simply set correct user/password for this user and let windows do it 
for you?

-- 
/*
 *"I'm not at all sure this helps you, but as you say there is nothing to be 
found about the problem except in czech and my attempt att "babelfishing" 
failed miserably"
 *
 *Husse Jul 30 2007
 */


signature.asc
Description: PGP signature
___
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

Re: [Interest] A QThread question...

2015-10-21 Thread Bo Thorsen

Den 21-10-2015 kl. 11:48 skrev NoMercy:
> Hello everyone and thanks for you replies,
>
> I've a rather advaced question about QThreads (well advanced to my
> knowledge anyways)
>
> I have a Windows service that runs under System user (naturally) but I
> want to create and run a thread from within that service and change the
> token of that thread so it runs in user evironment.
>
> and to do so, I thought of something like this;
> get QThread::currentThreadId -- Documentation says do not use it but?
> get handle of that thread by OpenThread(threadID)
> and use SetThreadToken to move thread to user space.
>
> I'm using 4.8.6 btw
>
> do you think it is possible?
> is this approach safe?
> would it be stable?
> any possible implications?
> if it works, would my main thread can still comunicate through
> signals/slots?

If you are going to do native stuff to the threads, then I think you 
would be wise to create the thread with the native windows calls for it 
instead of trying to bend a QThread to the rules.

The whole notion of threads running as a separate user feels like such a 
dirty solution anyway, and QThread might muddy the waters even more. For 
example, signal from one user thread to a slot in a thread running as 
another user... It just gets weird.

Keep it simple, create the thread yourself and separate this completely.

Bo Thorsen,
Director, Viking Software.

-- 
Viking Software
Qt and C++ developers for hire
http://www.vikingsoft.eu
___
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

Re: [Interest] A QThread question...

2015-10-21 Thread NoMercy

Thanks for all your replies,

Currently it works like this;
the service uses "CreateProcessAsUser" to runs an other process in the user
session and it handles all the stuff. It was ok until now since the target
systems were only single-user environments.

but since we are trying to switch to multiuser environment, every new user
process means a new port and stuff and more complications but if I can
manage do it all from the service, it'll make a lot more sense.
I just need to know if it would work reliably.
I'll make some short tests today if it works in the first place but to test
if it reliably runs for as long as system runs is an other matter.

Thanks again for all your replies.
Cheers,
Emre

On Wed, Oct 21, 2015 at 1:28 PM, alexander golks  wrote:

> Am Wed, 21 Oct 2015 12:19:20 +0200
> schrieb André Somers :
>
> > Op 21-10-2015 om 11:48 schreef NoMercy:
> > > Hello everyone and thanks for you replies,
> > >
> > > I've a rather advaced question about QThreads (well advanced to my
> > > knowledge anyways)
> > >
> > > I have a Windows service that runs under System user (naturally) but I
> > > want to create and run a thread from within that service and change
> > > the token of that thread so it runs in user evironment.
> > >
> > My main question is: why? Why do you want to have a single process run
> > code as different users? To me, it feels like a hack.
> >
> > André
> >
> > ___
> > Interest mailing list
> > Interest@qt-project.org
> > http://lists.qt-project.org/mailman/listinfo/interest
>
> why not simply set correct user/password for this user and let windows do
> it for you?
>
> --
> /*
>  *"I'm not at all sure this helps you, but as you say there is nothing to
> be found about the problem except in czech and my attempt att
> "babelfishing" failed miserably"
>  *
>  *Husse Jul 30 2007
>  */
>
> ___
> Interest mailing list
> Interest@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/interest
>
>
___
Interest mailing list
Interest@qt-project.org
http://lists.qt-project.org/mailman/listinfo/interest

Re: [Interest] A QThread question...

Re: [Interest] A QThread question...

Re: [Interest] A QThread question...

Re: [Interest] A QThread question...

Re: [Interest] A QThread question...

Re: [Interest] A QThread question...

Re: [Interest] A QThread question...

7 matches

Site Navigation

Mail list logo

Footer information