Are Processes Launched by Elevated Processes Themselves Elevated?
For IT admins, understanding the concept of elevated processes is key for maintaining a secure system. An elevated process is one that is running with additional privileges compared to a normal user. These additional privileges could range from the ability to read and write to system files, to the ability to create and delete users on the system.
When a process is launched from an elevated process, the question arises: are the processes it launches automatically elevated as well? The answer to this question depends on the operating system and the way the process is launched.
In Windows, the answer is typically yes. When a process is launched from an elevated process, it will also be elevated. This is because the privileges of the launching process are passed on to the newly launched process. In other words, the newly launched process runs with the same privileges as the process that launched it.
However, there are some exceptions. For example, if the elevated process launches a process using the CreateProcess() API, the newly launched process will not be elevated unless the CREATE_NEW_PROCESS_GROUP flag is set. In this case, the newly launched process will have the same privileges as the user that launched it, rather than the privileges of the launching process.
In Linux, the answer is typically no. When a process is launched from an elevated process, it will not be elevated unless the launching process explicitly gives additional privileges to the newly launched process. For example, if the launching process uses the setuid() system call, it can give the newly launched process the same privileges as the launching process.
It is important to note that the privileges of the launching process are not always passed to the newly launched process. For example, if the launching process is running with administrator privileges, but the newly launched process is launched without the setuid() system call, it will not have administrator privileges.
In conclusion, the answer to the question of whether processes launched by elevated processes are themselves elevated depends on the operating system and the way the process is launched. In Windows, the answer is typically yes, while in Linux, the answer is typically no. It is also important to note that the privileges of the launching process are not always passed to the newly launched process, so it is important to understand the way the process is launched in order to determine whether the newly launched process has elevated privileges or not.
