Open Bug 1620335 Opened 4 years ago Updated 4 years ago

ShellExecuteByExplorer replacement

Categories: Core :: Widget, enhancement, P3
Platform: Unspecified, Windows
People: Reporter: toshi, Unassigned
References: Depends on 1 open bug

We use ShellExecuteByExplorer in three use cases.

  1. To start the browser process with Med-IL if the launcher process was started with High-IL
    This was introduced as bug 1430092, following Raymond Chen's technique.

  2. To open a downloaded file with the OS default application

  3. To open a downloaded file with a custom application
    Cases 2) and 3) were introduced as bug 1567614 and bug 1588975. The purpose is to support applications which do not work with PreferSystem32Images. Skype for Business is the only application we're aware of so far.

On the other hand, ShellExecuteByExplorer has a problem. With a VDI solution such as Citrix or Microsoft RemoteApp, or if explorer.exe is not running because of a custom shell, it just doesn't work. This was reported as bug 1602726 and bug 1615370 respectively, and we added a fallback to ShellExecute if something in ShellExecuteByExplorer fails.

This means we don't have a solution if a user tries to launch Skype for Business in a VDI environment, though we don't have such a report.

ShellExecuteByExplorer also impacts Thunderbird like bug 1609451.

So, we want to avoid ShellExecuteByExplorer as much as possible.

For the case 1), Microsoft folks suggested we could use CreateProcessAsUser with a token retrieved from the current desktop session. We should definitely try that.

For the case 2), there is no known solution except bug 1605308: the case where a downloaded file is an executable.

For the case 3), probably we can simply use CreateProcess with UpdateProcThreadAttribute to prevent some mitigation policies from being inherited. We should try this, too.

Depends on: 1605308

I tried 1), but unfortunately it didn't suit our needs. WTSQueryUserToken, which they suggested using, requires the LocalSystem account and the SE_TCB_NAME privilege. We can't use it from a normal high-IL process.

Depends on: 1623662
Severity: normal → S4