Prev: WMI to use or not to use
Next: VB6 on Windows 7 64-Bit
From: Nobody on 8 Jan 2010 14:16 "David" <dw85745NOT(a)earthlink.net> wrote in message news:uXOheYHkKHA.1536(a)TK2MSFTNGP06.phx.gbl... > Question: > > Since a real-time link is being maintained, is there anyway to keep my > programs (and the server DLL's) contained within a specific directory, > such that if the DLL has code which can be remotely manipulated by the > server, any server manipulation on my system is limited to the directory > where the my program resides? > =============== What type of DLL is this? COM/ActiveX, or standard DLL? You can use Dependency Walker to find out. Look for exported function DllRegisterServer(). If you find it, then it's COM/ActiveX DLL.
From: David on 8 Jan 2010 15:36 > You can't assign rights to a DLL. You can only assign them to users, so > > you'd have to call the DLL functions from the context of a different user No, the rights should go with the directory, and the user has / has not rights to use that directory, The question remains, will calling a wrapper dll or wrapper function -- that uses a dll that resides in a restricted directory -- keep any manipulaton based on the dll that resides in the restricted directory, contained within that restricted directory? "Jeff Johnson" <i.get(a)enough.spam> wrote in message news:eJ5OJPJkKHA.4500(a)TK2MSFTNGP06.phx.gbl... > "David" <dw85745NOT(a)earthlink.net> wrote in message > news:eNAqdoIkKHA.4672(a)TK2MSFTNGP06.phx.gbl... > >>> I get what a wrapper function is and thank you for your excellent >>> explanation re the VB usage of the DLL and the need for a wrapper. >>> because of how it was created. >>> >>> Taking this a step further -- in an attempt to limit the third party >>> DLL, >>> would Not putting the third party DLL within its own directory, with >>> rights to go outside this directory, and then creating my own DLL >>> that calls (interfaces with) the third party DLL, uses those DLL >>> functions I need which are exported (available) for my use, possibly be >>> effective? > >> Previous post should have said: >> >> with NO rights to go outside this directory > > You can't assign rights to a DLL. You can only assign them to users, so > you'd have to call the DLL functions from the context of a different user. >
From: Nobody on 8 Jan 2010 17:17 "David" <dw85745NOT(a)earthlink.net> wrote in message news:ubWT1IKkKHA.4912(a)TK2MSFTNGP02.phx.gbl... >> You can't assign rights to a DLL. You can only assign them to users, so > >> you'd have to call the DLL functions from the context of a different user > > No, the rights should go with the directory, and the user has / has not > rights to use that directory, The question remains, will calling a > wrapper dll or wrapper function -- that uses a dll that resides in a > restricted directory -- keep any manipulaton based on the dll that > resides in the restricted directory, contained within that restricted > directory? No, you have to run the process that will use the DLL as a different user, say VBUser, and set the permissions so that user only has access to that specific folder. Also, in Windows 2000+, you can "sandbox" a target process by using "Jobs". See my replies in this thread for details: http://groups.google.com/group/microsoft.public.vb.general.discussion/browse_thread/thread/e14776045607b79e/eea11416d755f147 Also, there are other things that you need to do if the third party DLL is COM/ActiveX DLL, but you didn't answer my question, so I can't help you further. COM/ActiveX DLL's can be run remotely. See the second parameter of CreateObject Function for details. Windows usually use dllhost.exe to run DLL's in this case. This can be secured by using "dcomcnfg" tool.
From: David on 8 Jan 2010 22:26 Nobody: Always appreciate your input. Doing a backup so little late in posting. I have two programs of concern. The first uses a Type Library dll. The second uses an ActiveX dll. Based on your comments will give it my best shot. Not familiar with "dcomcnfg" tool -- yet. Thanks again David. "Nobody" <nobody(a)nobody.com> wrote in message news:eAlz9BLkKHA.5520(a)TK2MSFTNGP06.phx.gbl... > "David" <dw85745NOT(a)earthlink.net> wrote in message > news:ubWT1IKkKHA.4912(a)TK2MSFTNGP02.phx.gbl... >>> You can't assign rights to a DLL. You can only assign them to users, so >>> > you'd have to call the DLL functions from the context of a different >>> user >> >> No, the rights should go with the directory, and the user has / has not >> rights to use that directory, The question remains, will calling a >> wrapper dll or wrapper function -- that uses a dll that resides in a >> restricted directory -- keep any manipulaton based on the dll that >> resides in the restricted directory, contained within that restricted >> directory? > > No, you have to run the process that will use the DLL as a different user, > say VBUser, and set the permissions so that user only has access to that > specific folder. Also, in Windows 2000+, you can "sandbox" a target > process by using "Jobs". See my replies in this thread for details: > > http://groups.google.com/group/microsoft.public.vb.general.discussion/browse_thread/thread/e14776045607b79e/eea11416d755f147 > > Also, there are other things that you need to do if the third party DLL is > COM/ActiveX DLL, but you didn't answer my question, so I can't help you > further. COM/ActiveX DLL's can be run remotely. See the second parameter > of CreateObject Function for details. Windows usually use dllhost.exe to > run DLL's in this case. This can be secured by using "dcomcnfg" tool. > > > >
From: David on 8 Jan 2010 22:51
Nobody: Quick follow-up. Went to MSDN. Regarding: Windows usually use dllhost.exe to run DLL's in this case. This can be secured by using "dcomcnfg" tool. 1) It appears "dcomcnfg" is only available using the Enterprise Edition. I'm using VB5 Pro Edition. 2) Note that I'm the Client trying to limit the servers capability. "Nobody" <nobody(a)nobody.com> wrote in message news:eAlz9BLkKHA.5520(a)TK2MSFTNGP06.phx.gbl... > "David" <dw85745NOT(a)earthlink.net> wrote in message > news:ubWT1IKkKHA.4912(a)TK2MSFTNGP02.phx.gbl... >>> You can't assign rights to a DLL. You can only assign them to users, so >>> > you'd have to call the DLL functions from the context of a different >>> user >> >> No, the rights should go with the directory, and the user has / has not >> rights to use that directory, The question remains, will calling a >> wrapper dll or wrapper function -- that uses a dll that resides in a >> restricted directory -- keep any manipulaton based on the dll that >> resides in the restricted directory, contained within that restricted >> directory? > > No, you have to run the process that will use the DLL as a different user, > say VBUser, and set the permissions so that user only has access to that > specific folder. Also, in Windows 2000+, you can "sandbox" a target > process by using "Jobs". See my replies in this thread for details: > > http://groups.google.com/group/microsoft.public.vb.general.discussion/browse_thread/thread/e14776045607b79e/eea11416d755f147 > > Also, there are other things that you need to do if the third party DLL is > COM/ActiveX DLL, but you didn't answer my question, so I can't help you > further. COM/ActiveX DLL's can be run remotely. See the second parameter > of CreateObject Function for details. Windows usually use dllhost.exe to > run DLL's in this case. This can be secured by using "dcomcnfg" tool. > > > > |