{"id":2443,"date":"2013-12-06T07:00:00","date_gmt":"2013-12-06T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2013\/12\/06\/is-it-wrong-to-call-shfileoperation-from-a-service\/"},"modified":"2013-12-06T07:00:00","modified_gmt":"2013-12-06T07:00:00","slug":"is-it-wrong-to-call-shfileoperation-from-a-service","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20131206-00\/?p=2443","title":{"rendered":"Is it wrong to call SHFileOperation from a service?"},"content":{"rendered":"<p> A customer had a simple question: &#8220;Is it wrong to call <code>SHFile&shy;Operation<\/code> from a service?&#8221; <\/p>\n<p> I don&#8217;t know if I&#8217;d call it wrong, but I&#8217;d call it highly inadvisable. <\/p>\n<ul>\n<li>     <code>SHFile&shy;Operation<\/code> was designed for interactive operations,     so you&#8217;re using it outside its original design parameters. <\/li>\n<li>     Many shell extensions ignore &#8220;no UI&#8221; flags and put up UI anyway.     As a result, your call to <code>SHFile&shy;Operation<\/code>     may end up getting stuck on unexpected UI.     Now you have a service displaying UI,     and that&#8217;s just     <a href=\"http:\/\/blogs.msdn.com\/b\/larryosterman\/archive\/2005\/09\/14\/466175.aspx\">     asking for trouble<\/a>. <\/li>\n<li>     The shell for the most part     <a href=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2011\/09\/28\/10217445.aspx\">     does not expect to be called while impersonating<\/a>.     There are a few functions specifically designed for use     while impersonating;     those exceptions are called out explicitly     in their respective documentation.     <code>SHFile&shy;Operation<\/code> is not one of those functions. <\/li>\n<li>     Since <code>SHFile&shy;Operation<\/code> uses the shell namespace,     you are at risk of loading shell extensions into a service.     Shell extensions typically are not written with the     strict security requirements of a service in mind,     and you may end up creating a security hole.     Somebody could plant a     <code>desktop.ini<\/code> into a directory your service operates on,     and now your service has been tricked into loading     a shell namespace extension.     The bad guys are constantly searching for     buggy shell extensions that they     can use as an attack point.     And if they can get into a service, well, then     they just hit the jackpot! <\/li>\n<\/ul>\n<p> <b>Update<\/b>: See <a href=\"http:\/\/blogs.msdn.com\/b\/oldnewthing\/archive\/2014\/11\/21\/10574758.aspx\"> Is it wrong to call SHFileOperation from a service? Revised<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>A customer had a simple question: &#8220;Is it wrong to call SHFile&shy;Operation from a service?&#8221; I don&#8217;t know if I&#8217;d call it wrong, but I&#8217;d call it highly inadvisable. SHFile&shy;Operation was designed for interactive operations, so you&#8217;re using it outside its original design parameters. Many shell extensions ignore &#8220;no UI&#8221; flags and put up UI [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-2443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>A customer had a simple question: &#8220;Is it wrong to call SHFile&shy;Operation from a service?&#8221; I don&#8217;t know if I&#8217;d call it wrong, but I&#8217;d call it highly inadvisable. SHFile&shy;Operation was designed for interactive operations, so you&#8217;re using it outside its original design parameters. Many shell extensions ignore &#8220;no UI&#8221; flags and put up UI [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/2443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=2443"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/2443\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=2443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=2443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=2443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}