ShellExecuteByExplorer replacement
Categories
(Core :: Widget, enhancement, P3)
Tracking
()
People
(Reporter: toshi, Unassigned)
References
(Depends on 1 open bug)
Details
We use ShellExecuteByExplorer
in three use cases.
-
To start the browser process with Med-IL if the launcher process was started with High-IL
This was introduced as bug 1430092, following Raymond Chen's technique. -
To open a downloaded file with the OS default application
-
To open a downloaded file with a custom application
The case 2) and 3) were introduced as bug 1567614 and bug 1588975. The purpose is to support applications which do not work withPreferSystem32Images
. Skype for Business is the only one application we're aware of so far.
On the other hand, ShellExecuteByExplorer
has a problem. With VDI solution such as Citrix or Microsoft RemoteApp, or if explorer.exe is not running because of a custom shell, it just doesn't work. This was reported as bug 1602726 and bug 1615370 respectively and we added a fallback to ShellExecute
if something in ShellExecuteByExplorer
fails.
This means we don't have a solution if a user tries to launch Skype for Business in VDI environment, though we don't have such a report.
ShellExecuteByExplorer
also impacts Thunderbird like bug 1609451.
So, we want to avoid ShellExecuteByExplorer
as much as possible.
For the case 1), Microsoft folks suggested we could use CreateProcessAsUser
with a token retrieved fom the current desktop session. We should definitely try that.
For the case 2), there is no known solution except bug 1605308: the case where a downloaded file is an executable.
For the case 3), Probably we can simply use CreateProcess
with UpdateProcThreadAttribute
to prevent some mitigation policies from being inherited. We should try this, too.
Reporter | ||
Comment 1•4 years ago
|
||
I tried 1), but unfortunately it didn't suit our need. WTSQueryUserToken
they suggested to use requires the LocalSystem account and the SE_TCB_NAME
privilege. We can't use it from a normal high-IL process.
Reporter | ||
Updated•4 years ago
|
Description
•