0
votes

I built a C++ application that loads DLLs (plugins). Before loading a DLL, the application checks that the DLL's digital signature is part of a white list. This is done to ensure that only authorized DLLs get loaded.

I'm trying to accomplish something similar using an out-of-process COM server/client. The COM server needs to ensure that only specific clients are able to access it (from a white list). I know that Microsoft provides many different authentication mechanisms for COM, but they seem to revolve around the application's identity (account used to run it). Ultimately, I need a secure way to verify that the COM client is who they say they are, and that they are in my white list.

I'm open to other ways of accomplishing this, but not using COM isn't really an option.

Thanks for any help you can provide

  • Chris
1
>*they seem to revolve around the applications identity (account used to run it)* That's because outside of .Net, you can't base security decisions on the caller, because the caller can do whatever it wants with memory, starting with the stack. What you're asking for is only possible in a controlled environment (.Net verifiable code) or another process running with a different token. - Medinoc
@Medinoc - Could you explain what you mean by "or another process running with a different token"? - Chris McBride
Suppose you somehow managed to verify the validity of the EXE behind the process from which the call originates - but the actual call could have been made by a third-party DLL (injected via SetWindowsHookEx, for example) from within that process. Or the attacker could read the memory of that process (via ReadProcessMemory) after the call is made, and obtain the data you provided to it that way. - Igor Tandetnik
Different token means either a different user, or a restricted token for the same user (which makes the user belong to fewer groups and have fewer privileges, but can't affect the user's rights piecewise). - Medinoc

1 Answer

0
votes

I think this can be accomplished in DCOM Config in combination with trusted client certificates.

Another way is to implement a method in the interface where the server verifies the client's digital signature. This link has an example of how to read out the client cert: How do I read an embedded code signing signature in C++?
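
The server-side check suggested in the answer, as an added example (not code from the original post or the linked question): it verifies a file's Authenticode signature with WinVerifyTrust and compares the signer's SHA-1 thumbprint against an allow list. The function names and the allow-list format are assumptions, and how the server learns the client's executable path is not covered on this page and is left to the caller. As the comments above note, a valid signature on the EXE says nothing about injected code running inside that process.

```cpp
#include <cctype>
#include <cstddef>
#include <set>
#include <string>
// Normalise a thumbprint pasted from a certificate dialog: hex digits only, upper case.
std::string NormalizeThumbprint(const std::string& s) {
    std::string out;
    for (unsigned char c : s)
        if (std::isxdigit(c)) out += static_cast<char>(std::toupper(c));
    return out;
}
// Hex-encode a raw certificate hash (upper case, no separators).
std::string HexOf(const unsigned char* p, std::size_t n) {
    static const char* d = "0123456789ABCDEF";
    std::string out;
    for (std::size_t i = 0; i < n; ++i) { out += d[p[i] >> 4]; out += d[p[i] & 15]; }
    return out;
}
// The allow list holds normalised thumbprints (hypothetical format for this example).
bool IsAllowedSigner(const std::set<std::string>& allow, const std::string& thumbprint) {
    return allow.count(NormalizeThumbprint(thumbprint)) != 0;
}
#ifdef _WIN32
#include <windows.h>
#include <wintrust.h>
#include <softpub.h>
#pragma comment(lib, "wintrust.lib")
#pragma comment(lib, "crypt32.lib")
// True only if the signature chain verifies AND the signer's thumbprint is listed.
bool IsFileFromAllowedSigner(const wchar_t* path, const std::set<std::string>& allow) {
    WINTRUST_FILE_INFO fi = {}; fi.cbStruct = sizeof(fi); fi.pcwszFilePath = path;
    WINTRUST_DATA wd = {}; wd.cbStruct = sizeof(wd);
    wd.dwUIChoice = WTD_UI_NONE; wd.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
    wd.dwUnionChoice = WTD_CHOICE_FILE; wd.pFile = &fi;
    wd.dwStateAction = WTD_STATEACTION_VERIFY;
    GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    bool ok = false;
    if (WinVerifyTrust(nullptr, &action, &wd) == ERROR_SUCCESS) {
        CRYPT_PROVIDER_DATA* pd = WTHelperProvDataFromStateData(wd.hWVTStateData);
        CRYPT_PROVIDER_SGNR* sg = pd ? WTHelperGetProvSignerFromChain(pd, 0, FALSE, 0) : nullptr;
        CRYPT_PROVIDER_CERT* pc = sg ? WTHelperGetProvCertFromChain(sg, 0) : nullptr;
        BYTE h[20]; DWORD n = sizeof(h);  // CERT_HASH_PROP_ID is the SHA-1 hash
        if (pc && CertGetCertificateContextProperty(pc->pCert, CERT_HASH_PROP_ID, h, &n))
            ok = IsAllowedSigner(allow, HexOf(h, n));
    }
    wd.dwStateAction = WTD_STATEACTION_CLOSE;  // release the state data in all cases
    WinVerifyTrust(nullptr, &action, &wd);
    return ok;
}
#endif
```

The Windows-specific function is compiled only on Windows; the thumbprint helpers are portable so the allow-list logic can be unit-tested separately.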