Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
If you try to make your application more secure against external plugins (or external code in general) by impersonating a low privileged user and then calling the plugin function, that is not wise. You could just as well do nothing, because the effect is the same: malicious code can easily revert to the process token by calling the RevertToSelf API.
If you really want to secure your application, you have to move all external plugins (the plugins you do not maintain) into a new process. This process can even be restricted with the CreateRestrictedToken and CreateProcessAsUser APIs. The Windows Vista Sidebar uses this approach to make sure that misbehaving external plugins cannot crash the main application (however, it does not restrict the new process).
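As an added example (not code from this post or from JWSCL), here is the separate-process approach in plain Delphi against the Win32 API: a restricted copy of the application's own primary token is created with CreateRestrictedToken (all privileges dropped, access checks additionally limited to the Everyone and RESTRICTED SIDs) and a plugin host is started under it with CreateProcessAsUser. The host name `PluginHost.exe` and its command line are assumptions; the restriction lives in the child's primary token, so nothing the plugin does inside that process, RevertToSelf included, gets it back to the parent's rights.

```pascal
program RestrictedPluginHost;
{$APPTYPE CONSOLE}

// Added example for this post, written against the raw Win32 API through
// Delphi's Windows unit. PluginHost.exe is an assumed name for the separate
// process that loads the untrusted plugins.

uses
  SysUtils, Windows;

// Not every Delphi version declares CreateRestrictedToken in Windows.pas,
// so it is imported from advapi32 directly.
function CreateRestrictedToken(ExistingTokenHandle: THandle; Flags: DWORD;
  DisableSidCount: DWORD; SidsToDisable: PSIDAndAttributes;
  DeletePrivilegeCount: DWORD; PrivilegesToDelete: PLUIDAndAttributes;
  RestrictedSidCount: DWORD; SidsToRestrict: PSIDAndAttributes;
  var NewTokenHandle: THandle): BOOL; stdcall;
  external advapi32 name 'CreateRestrictedToken';

const
  DISABLE_MAX_PRIVILEGE = $00000001;        // drop all privileges except SeChangeNotifyPrivilege
  SECURITY_WORLD_RID = $00000000;           // S-1-1-0, Everyone
  SECURITY_RESTRICTED_CODE_RID = $0000000C; // S-1-5-12, RESTRICTED

var
  WorldAuthority: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 1));
  NtAuthority: TSIDIdentifierAuthority = (Value: (0, 0, 0, 0, 0, 5));

procedure Check(Ok: BOOL; const Call: string);
begin
  if not Ok then
    raise Exception.CreateFmt('%s failed: %s', [Call, SysErrorMessage(GetLastError)]);
end;

// Builds a primary token that is a restricted copy of this process's own token.
// Every access check the child performs must pass against its normal SIDs AND
// against the restricting SIDs (Everyone, RESTRICTED), so the plugin process can
// only reach objects whose DACL grants access to those SIDs.
function CreatePluginToken: THandle;
var
  ProcToken: THandle;
  Restrict: array[0..1] of TSIDAndAttributes;
  I: Integer;
begin
  Check(OpenProcessToken(GetCurrentProcess,
    TOKEN_DUPLICATE or TOKEN_QUERY or TOKEN_ASSIGN_PRIMARY, ProcToken),
    'OpenProcessToken');
  try
    FillChar(Restrict, SizeOf(Restrict), 0);
    Check(AllocateAndInitializeSid(WorldAuthority, 1, SECURITY_WORLD_RID,
      0, 0, 0, 0, 0, 0, 0, Restrict[0].Sid), 'AllocateAndInitializeSid');
    Check(AllocateAndInitializeSid(NtAuthority, 1, SECURITY_RESTRICTED_CODE_RID,
      0, 0, 0, 0, 0, 0, 0, Restrict[1].Sid), 'AllocateAndInitializeSid');
    try
      Check(CreateRestrictedToken(ProcToken, DISABLE_MAX_PRIVILEGE,
        0, nil, 0, nil, Length(Restrict), @Restrict[0], Result),
        'CreateRestrictedToken');
    finally
      for I := Low(Restrict) to High(Restrict) do
        FreeSid(Restrict[I].Sid);
    end;
  finally
    CloseHandle(ProcToken);
  end;
end;

// Starts the plugin host as a separate process under the restricted token.
// Because the token is a restricted version of the caller's own primary token,
// CreateProcessAsUser does not require SeAssignPrimaryTokenPrivilege here.
function StartPluginHost(const CommandLine: string): TProcessInformation;
var
  Token: THandle;
  StartInfo: TStartupInfo;
  Cmd: string;
begin
  Token := CreatePluginToken;
  try
    FillChar(StartInfo, SizeOf(StartInfo), 0);
    StartInfo.cb := SizeOf(StartInfo);
    Cmd := CommandLine;
    UniqueString(Cmd); // CreateProcessAsUser needs a writable command line buffer
    Check(CreateProcessAsUser(Token, nil, PChar(Cmd), nil, nil, False,
      CREATE_NEW_CONSOLE, nil, nil, StartInfo, Result), 'CreateProcessAsUser');
  finally
    CloseHandle(Token);
  end;
end;

var
  Info: TProcessInformation;
begin
  try
    // Assumed host executable and arguments; it is the process that loads the plugins.
    Info := StartPluginHost('PluginHost.exe --plugin-dir plugins');
    WaitForSingleObject(Info.hProcess, INFINITE);
    CloseHandle(Info.hThread);
    CloseHandle(Info.hProcess);
  except
    on E: Exception do
      Writeln(E.Message);
  end;
end.
```

Two things to keep in mind when using this: the restricting SIDs must be granted access on everything the host legitimately needs (its executable, the DLLs it loads, the desktop it runs on), otherwise the child either fails to start or dies during loading, which is exactly the kind of trade-off a restricted process forces and an impersonated thread never had. And the child still runs in the same logon session as your application, so its main value is that a crashing or misbehaving plugin takes down only the host process, with the token restriction as an extra layer on top.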