
How To Detect If The Command Prompt Is Running Elevated

As I was setting up my Console2 shell tabs I was curious if running Console2 as an administrator would transfer the elevated privileges token to the tabs as well.

Turns out detecting this was not as straightforward as I thought it would be!

TL;DR

If you need to detect whether the command prompt (or your script) is running elevated, use the following command:

whoami /groups

If the output contains these lines, the process is running elevated:

Mandatory Label\High Mandatory Level Label            S-1-16-12288
                    Mandatory group, Enabled by default, Enabled group

The Long Answer

With the addition of User Account Control in Windows Vista, the platform gained integrity levels: an integrity level indicates how much an application can be trusted to perform actions on the system, e.g. accessing files or the registry and interacting with other processes. This additional security feature gives the OS another indicator it can use to isolate (sandbox) programs and prevent them from going rogue on your system. Very cool!

The following integrity levels are supported:

  • Untrusted – processes that are logged on anonymously are automatically designated as Untrusted
  • Low – The Low integrity level is the level used by default for interaction with the Internet. As long as Internet Explorer is run in its default state, Protected Mode, all files and processes associated with it are assigned the Low integrity level. Some folders, such as the Temporary Internet Folder, are also assigned the Low integrity level by default.
  • Medium – Medium is the context that most objects will run in. Standard users receive the Medium integrity level, and any object not explicitly designated with a lower or higher integrity level is Medium by default.
  • High – Administrators are granted the High integrity level. This ensures that Administrators are capable of interacting with and modifying objects assigned Medium or Low integrity levels, but can also act on other objects with a High integrity level, which standard users cannot do.
  • System – As the name implies, the System integrity level is reserved for the system. The Windows kernel and core services are granted the System integrity level. Being even higher than the High integrity level of Administrators protects these core functions from being affected or compromised even by Administrators.
  • Installer – The Installer integrity level is a special case and is the highest of all integrity levels. By virtue of being equal to or higher than all other WIC integrity levels, objects assigned the Installer integrity level are also able to uninstall all other objects.


For more info see the Windows Integrity Mechanism Design.
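To make the TL;DR check and the level list above scriptable, here is an added example (not code from the original post) that parses `whoami /groups` output for the mandatory label SID and maps it to an integrity level. It goes beyond the post by including the other well-known S-1-16 SIDs, and the sample output is constructed; the only SID the post itself names is S-1-16-12288.

```python
import re
import subprocess
import sys

# Well-known integrity-level SIDs (S-1-16-<RID>). The post names only the High level,
# S-1-16-12288; the other entries are documented well-known SIDs added for completeness.
INTEGRITY_SIDS = {
    "S-1-16-0": "Untrusted",
    "S-1-16-4096": "Low",
    "S-1-16-8192": "Medium",
    "S-1-16-12288": "High",
    "S-1-16-16384": "System",
}
HIGH_RID = 12288  # RID of the High mandatory level; at or above it the token is elevated

# Constructed samples of `whoami /groups` output, cut down to the relevant rows. In the
# second one the user is an administrator but the token is filtered, so it is NOT elevated.
SAMPLE_ELEVATED = r"""
BUILTIN\Administrators                     Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
Mandatory Label\High Mandatory Level Label Label            S-1-16-12288
                    Mandatory group, Enabled by default, Enabled group
"""
SAMPLE_NOT_ELEVATED = r"""
BUILTIN\Administrators                     Alias            S-1-5-32-544 Group used for deny only
Mandatory Label\Medium Mandatory Level Label Label          S-1-16-8192
                    Mandatory group, Enabled by default, Enabled group
"""

def mandatory_label_sid(whoami_output: str):
    """Return the S-1-16-* mandatory label SID found in `whoami /groups` output, or None."""
    match = re.search(r"\bS-1-16-\d+\b", whoami_output)
    return match.group(0) if match else None

def integrity_level(whoami_output: str):
    """Map the mandatory label SID to its integrity level name (None if no label found)."""
    sid = mandatory_label_sid(whoami_output)
    return None if sid is None else INTEGRITY_SIDS.get(sid, "Unknown (%s)" % sid)

def is_elevated(whoami_output: str) -> bool:
    """True when the label is High or above; Administrators membership alone is not enough."""
    sid = mandatory_label_sid(whoami_output)
    return sid is not None and int(sid.rsplit("-", 1)[1]) >= HIGH_RID

def current_whoami_groups() -> str:
    """Run `whoami /groups` on this machine (Windows only; the samples above work anywhere)."""
    if sys.platform != "win32":
        raise RuntimeError("mandatory labels are reported by the Windows whoami only")
    return subprocess.run(["whoami", "/groups"], capture_output=True, text=True, check=True).stdout
```

On a Windows box, `is_elevated(current_whoami_groups())` answers the question for the current console; the second sample shows why checking for BUILTIN\Administrators alone gives the wrong answer under UAC.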

Building Software, Evil and Getting Things Done

Jeff Atwood wrote a passionate blog entry about Craigslist and the demise of the Personals section (amongst others) now that Evil forces have taken over with the help of ever more sophisticated tools and creative solutions. Wouldn't you agree such is the natural result of the open approach used by Craigslist? Anyone can post an ad. If they had not taken this approach Craigslist would not have been so successful. Lowering the bar for getting your classifieds in meant getting more ads, because everybody could do it, without having to sign away their life. Just like tourist destinations attract pickpockets (and loose women?), open high-traffic websites attract spammers.

Craigslist was a great idea. A great idea that became more than just an idea, it actually got implemented. Maybe the implementation was not perfect by today's standards but it worked and has paid the bills for over thirteen years! A proper threat-modeling session in the early days would surely have brought these issues to light, and business need would have overruled security/abuse. Unfortunately this business model might have seen its longest days by now.

Nowadays such openness is no longer feasible. Spammers and crackers are abusing the system every which way they can for personal gain, forcing our software solutions to handle every known attack angle and mitigate future ones as much as possible. Any programmer that takes himself seriously should invest in getting properly educated on the security aspects of programming. Not just because he should create solid code, but because sooner or later it will become a liability. Everybody with a little knack for logic and the ability to use Google can cut and paste together a piece of software. Creativity and innovation flourish! But... would you send your kids out on the road in an innovative car with no brakes? I think not!

When you make a living writing business software there is a constant struggle between getting things done, and getting them done right. Being able to get things done right generally means you already need to know how to do them right because there is no time to search the web all day for the perfect solution, that deadline is approaching fast. What's worse, you might not even be aware there is a problem with the chosen implementation. If you are a contractor, do you invest in your security education, or do you focus on getting up to speed on the latest fizz-buzzwords? If you are a wage-slave, does your company invest in your education, or are you merely a mindless implementer of business requirements? Do you invest in yourself?

Invest in yourself!

How do I invest in myself? Personally I still prefer a good book over online reading. The author of a book has put an effort into putting together a cohesive set of information to help you advance. When you randomly pull a single chapter out of a book you generally miss context or concepts. Browsing the web is like pulling an extract of a chapter out of a giant book, and all the other related information is wasted on you. You get a quick answer to a specific detail of a problem, but never get to grasp the whole problem. When I do decide to stick with using the free online resources I make sure I do my research properly: follow links, make sure I get the context. Granted, most bloggers/authors on the web put a lot of effort into their content, slowly weaving a never-ending book online, but that is not the same as having a book covering a specific topic. :) (Some day we might all go the way of the Kindle, but I prefer the feeling of a solid paper book.)

In the end we are all responsible for the solutions we produce, so next time you get to implement a great idea make sure you (know how to) do some threat-modeling first (online, book). That shortcut you were about to take might have changed the fate of the planet!
