0

I am writing an IE plugin (32bit ActiveX dll) for Win7/Win10/Vista to record data from one or more remote IP camera(s).

Recording to some target directories (mostly in NTFS partition and/or on USB devices) are not successful due to 

fopen_s(&fp, filename, "wb") == EACCES
GetLastError()==ERROR_FILE_NOT_FOUND or ERROR_ACCESS_DENIED.

Actually there is no such file under the target directory. Disable "protected mode" in IE(11), and there won't be such a problem.

I've read this article

Techniques to save files from ActiveX (protected mode IE)

and this article

Windows Vista Application Development Requirements for User Account Control Compatibility https://msdn.microsoft.com/en-us/library/bb530410.aspx

However I still have the following requirements:

  1. The plugin saves real-time streams. Saving to a temp directory first and copying to target directoy afterward is not user-friendly.
  2. The plugin saves snapshots by pressing web page buttons and doesn't want to prompt annoying "SaveAs" dialog each time;
  3. Since the IP camera is DHCP-ed, I can not simply add its IP to the "local intranet zone" to avoid "protected mode".

Since the plugin has an installation program where it is granted with administrator right. Any modification could be done during the installation process.

Is there any method to solve this issue? Or the requirements are not valid due to security issue?

Community
  • 1
  • 1
user1547688
  • 121
  • 1
  • 8

1 Answers1

0

You only have two choices here:

1) You can write to a location that your control has permissions to, such as AppData/LocalLow

2) You can launch another .exe file which has been given an Elevation Policy which allows it to start from a low integrity process in medium integrity mode and have it do the saving. It will still be limited to places where the user's account can write.

The first is by far the simplest, but as you say it results in sometimes a less than ideal saving location. The second is much more work, requiring cross-process communication and making sure that the process is cleaned up properly, but it does allow you to register.

From the microsoft website:

To illustrate, the following policy would silently elevate a fictional broker called contoso.exe to medium integrity level.

HKEY_LOCAL_MACHINE
SOFTWARE
Microsoft
Internet Explorer
Low Rights
ElevationPolicy
{0002df01-0000-0000-c000-000000000046}
AppName="Contoso.exe"
AppPath="C:\%USERPROFILE%\Application Data\Contoso"
Policy=(DWORD) 00000003

Note For security reasons, Internet Explorer in Protected Mode ignores parameters that change the working directory of createProcess, createProcessAsUser, and related functions. If your process must accept working directory parameters, use a logical XOR operation to add 0x80000 to the value of the Policy setting of the elevation policy for your application. Be aware that this can create a security risk; as a result, it is strongly discouraged.

If Microsoft determines that an application has a vulnerability and presents a danger to end users, Microsoft reserves the right to remove that application at any time from the elevation policy.

You can also create broker processes to access high integrity objects. For information describing how to launch broker processes with a high integrity level, please see the Guidelines for Administrative User Applications section of Developer Best Practices and Guidelines for Applications in a Least Privileged Environment. Note that you do not need to create an elevation policy because UAC will handle the elevation.

If your existing extension uses rundll32.exe to host a DLL library, you can silently launch a rundll32.exe process with low integrity by adding the library's file name to the following key.

taxilian
  • 14,229
  • 4
  • 34
  • 73