Re: Mapping memory across user accounts in XP

In general, granting such a permissive DACL as that is dangerous. Any malicious user with minimum privileges on the computer running your software could interfere with the operation of your program (perhaps crashing it or whatnot, depending on how rigorously you validate the data in the shared section object). Additionally, there is a DoS potential as a malicious user could rewrite the DACL of your named section object to deny access to other users.

--

Ken Johnson (Skywing)
Windows SDK MVP
http://www.nynaeve.net
"Jari Aalto" <JariAalto@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9720372E-FD98-4E67-B61B-1988F6D1D275@xxxxxxxxxxxxxxxx
I am trying to use memory mapped files (backed in page file) for sharing
memory between processes.

It works fine as long as the processes are living under same user account.
However when they are under different user accounts they get own instance of
same named mapping object.

I have also tried to use SYSTEM_ATTRIBUTES parameter of CreateFileMapping()
with following code but with no help
Both users in test are members of Administrator group

First instance under User1 --> bAlreadyExists = 0
Second instance under User1 --> bAlreadyExists = 1
First instance under User2 --> bAlreadyExists = 0


// Create security attributes granting GENERIC_ALL access to everyone.
SECURITY_DESCRIPTOR sd;
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);

PSID psidEveryone;
SID_IDENTIFIER_AUTHORITY siauth = SECURITY_WORLD_SID_AUTHORITY;
AllocateAndInitializeSid(&siauth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0,
0, &psidEveryone);

DWORD dwAclSize = sizeof(ACL) + offsetof(ACCESS_ALLOWED_ACE, SidStart) +
GetLengthSid(psidEveryone);
PACL pAcl = (PACL)malloc(dwAclSize);
InitializeAcl(pAcl, dwAclSize, ACL_REVISION);
AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, psidEveryone);

SetSecurityDescriptorDacl(&sd, TRUE, pAcl, FALSE);

SECURITY_ATTRIBUTES sa = { sizeof(sa), &sd, FALSE };

hMapFile = CreateFileMapping(
INVALID_HANDLE_VALUE,
&sa,
PAGE_READWRITE,
0,
iMapSize,
szMapName ) ;

if (hMapFile == NULL)
{
printf("CreateFileMapping failed\n");
return 0;
}

bAlreadyExists = GetLastError()==ERROR_ALREADY_EXISTS;
printf("CreateFileMapping Ok, bAlreadyExists = %d\n", bAlreadyExists);


I have also tried
hMapFile = OpenFileMapping( FILE_MAP_ALL_ACCESS, TRUE,szMapName ) ;
for second and third instance and it also works under User1 but does not
work under User2


.