looking-glass/host/platform/Windows
Quantum 4858bb5899 [host] windows: avoid quoting issues with CreateProcessAsUserA
To quote MSDN documentation:

> The lpApplicationName parameter can be NULL, in which case the executable
> name must be the first white space–delimited string in lpCommandLine. If
> the executable or path name has a space in it, there is a risk that a
> different executable could be run because of the way the function parses
> spaces. The following example is dangerous because the function will
> attempt to run "Program.exe", if it exists, instead of "MyApp.exe".
>
>   LPTSTR szCmdline[] = _tcsdup(TEXT("C:\\Program Files\\MyApp"));
>   CreateProcessAsUser(hToken, NULL, szCmdline, /*...*/ );
>
> If a malicious user were to create an application called "Program.exe" on
> a system, any program that incorrectly calls CreateProcessAsUser using the
> Program Files directory will run this application instead of the intended
> application.
>
> To avoid this problem, do not pass NULL for lpApplicationName.

So instead, we pass the executable to lpApplicationName instead, which avoids
the issue. MSDN says:

> The lpCommandLine parameter can be NULL. In that case, the function uses
> the string pointed to by lpApplicationName as the command line.

This also avoids the strdup since lpApplicationName is LPCSTR unlike
lpCommandLine which is LPSTR.
2021-01-16 11:48:03 +11:00
..
capture [all] use explicit void parameter lists 2021-01-14 17:29:37 +11:00
include/windows [c-host] renamed finall to just plain host 2020-05-25 13:42:43 +10:00
src [host] windows: avoid quoting issues with CreateProcessAsUserA 2021-01-16 11:48:03 +11:00
app.manifest [host] set the program name/description in the app.manifest 2020-10-19 01:56:03 +11:00
CMakeLists.txt [host] windows: improve restart logic and remove mutex hack 2021-01-15 11:43:23 +11:00
installer.nsi [host] nsis: change 'Stopping' to imperative 'Stop' 2021-01-01 12:12:07 +11:00
resource.rc [c-host] renamed finall to just plain host 2020-05-25 13:42:43 +10:00