Check if there is an easy solution for checking desktop rights in C#

[DonatJR]

Or at least easier than currently done in CageConfigurator.cs - StartedInCage(). Maybe ask the service?

[bencikpeter]

I had a look at StartedInCage() function and I believe that it is a) hacky and b) not even doing the right thing. Let me explain:

• b) if I understood the code correctly, it only checks if it´s running on a desktop having only two entries in dacl and both have been granted appropriate access. Such desktop could be spawned by any application, not only shark cage. This check could be fooled quite easily.

• a) it is far too dependent on technical condfiguration of desktop ACL. If the implementation in CageManager/SecuritySetup would change for any reason, entire StartedInCage() function would need to be rewritten as well.

My suggestion is to abandon the rights checking approach at all and focus on a desktop name instead. It´s (pseudo)random and never reused, therefore it should suffice in order to check if the application is in cage. The problem is, that only CageManager knows the "canonical" name... therefore some mean of communication between CageManager and CageConfigurator must be implemented so that CageConfigurator could ask for a canonical name of the desktop and comapre it with the name of the desktop that he is running on.

[DonatJR]

Agreed, it is hacky. But I think checking for the specific access rights constellation of the secure desktop is still better than nothing for now (even more so considering creating a desktop with these specific rights requires administrator privileges).