This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

CageConfigurator can no longer be started #104

Closed
SailReal opened this issue Aug 9, 2018 · 10 comments
Labels
bug Something isn't working

Comments

Contributor

SailReal commented Aug 9, 2018

Issue with the CageConfigurator on the secure desktop introduced by @bencikpeter:

It switches me to the desktop, labeler loads, but no window appears and when I close the cage, labeler finishes but I stay on a desktop and am forced to restart the machine.
Other apps work just fine.

More information: #99 (comment)

SailReal added the bug (Something isn't working) label Aug 9, 2018
Contributor Author

SailReal commented Aug 9, 2018

@bencikpeter is it possible that we have a problem with any kind of permissions running the CageConfigurator on the different desktop?

Contributor

DonatJR commented Aug 9, 2018

It's probably the automatic elevation prompt, as the Configurator needs to have admin permissions. The UAC prompt can probably not be shown on the secure desktop.

Contributor

bencikpeter commented Aug 10, 2018

@SailReal Maybe we can try to run something else that needs admin privileges in cage? Just to see what happens.

Contributor

DonatJR commented Aug 10, 2018

@bencikpeter Just did that and I am indeed having the same issues with both HWMonitor and Nvidia Inspector - both asking for elevation when started normally, but not showing up on the secure desktop.

Contributor

bencikpeter commented Aug 10, 2018

@DonatJR And should we fix that?

As @SailReal pointed out, it worked before db7a14e549c8b64ee6a1d7fb8c01448458e7548b. The reason that it worked, though, was that before that moment, all caged applications were started as NT AUTHORITY ... therefore no UAC prompt, since they were by default elevated. From that point on, caged applications are started in the security context of the logged-on user... I would say that the bug with displaying UAC has always existed and has nothing to do with changes in that particular commit, they just surfaced it.

I see two solutions:

  1. Figure out a way to display the UAC prompt on the secure desktop (which might be a little overkill, since UAC, I believe, is started on a separate (WINLOGON) desktop of its own...)

The elevation process is further secured by directing the prompt to the secure desktop. The consent and credential prompts are displayed on the secure desktop by default in Windows 10. Only Windows processes can access the secure desktop. For higher levels of security, we recommend keeping the User Account Control: Switch to the secure desktop when prompting for elevation policy setting enabled.

  2. Just state in the documentation that apps invoking a UAC prompt are not compatible with Shark Cage and figure out how to avoid starting CageChooser elevated (maybe move the file and permission manipulation to the CageManager and when the config is ready in the buffer, ask Manager to save it and configure access rights?)

Contributor

DonatJR commented Aug 10, 2018

@bencikpeter
I think we should most definitely fix it, yes. Not being compatible with UAC prompts is kind of a big compromise, imo. Also, the user can't reliably predict which application causes a UAC prompt and if it happens the user is stuck with rebooting / logging out.

A third solution: Have a boolean flag in the config if the process should be started elevated like before (also requires previous knowledge of the application from the user).

I'm currently hoping the problem will resolve itself after #102 as the UAC prompt is started with system credentials and the system was previously not allowed to do anything on our desktop.
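An added example, not part of this thread and not Shark Cage code: a launcher-side pre-check that reads the `requestedExecutionLevel` from an application manifest that has already been extracted as XML, so an app that will ask for elevation can be flagged before it is started on the cage desktop. The helper names and the sample manifest are hypothetical; the forecast assumes UAC is enabled and the launcher itself is not elevated.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest; not taken from any application named in this thread.
SAMPLE = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="{level}" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""


def requested_level(manifest_xml):
    """Return the manifest's requestedExecutionLevel, or None if absent/unparsable."""
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError:
        return None
    for element in root.iter():
        # Compare local names only: trustInfo appears under asm.v2 and asm.v3.
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return element.get("level")
    return None


def elevation_forecast(manifest_xml, user_is_admin):
    """Hypothetical helper: returns 'prompt', 'no-prompt' or 'unknown'.

    Assumes UAC is enabled and the launcher itself runs unelevated.
    """
    level = requested_level(manifest_xml)
    if level == "requireAdministrator":
        return "prompt"
    if level == "highestAvailable":
        # Only an administrator's filtered token has something higher to ask for.
        return "prompt" if user_is_admin else "no-prompt"
    if level == "asInvoker":
        return "no-prompt"
    # No manifest entry: Windows heuristics may still elevate, so do not guess.
    return "unknown"


if __name__ == "__main__":
    for lvl in ("requireAdministrator", "highestAvailable", "asInvoker"):
        print(lvl, elevation_forecast(SAMPLE.format(level=lvl), user_is_admin=True))
```

An `unknown` result is not a guarantee that no prompt appears, so a launcher using this check would still need a way back from the cage desktop when an unexpected prompt occurs.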

DonatJR added a commit that referenced this issue Aug 11, 2018
possible solution to #104
auto formatting
Contributor

DonatJR commented Aug 15, 2018

#102 should fix this for now, but we can keep this issue open to improve it in the future.

Contributor Author

SailReal commented Aug 15, 2018

In my opinion, this can be closed because it is fixed.
If we can improve something (can we?) we can create a new issue for that?

Contributor

DonatJR commented Aug 17, 2018

Alright, let's close it with #102. I created a new issue for improving the elevation dialog prompt: #110

Contributor Author

Fixed with: #105
