From f0c01000fdcc3d13e5e8eea77c7340330d9ba52d Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Tue, 7 May 2019 20:47:56 +0200
Subject: service: local system's token is a bit more locked down than elevated

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 service/service_manager.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'service/service_manager.go')

diff --git a/service/service_manager.go b/service/service_manager.go
index 2862c729..722f954d 100644
--- a/service/service_manager.go
+++ b/service/service_manager.go
@@ -118,9 +118,10 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
 			log.Printf("Unable to determine elevated environment: %v", err)
 			return
 		}
-		securityAttributes, err := getSecurityAttributes(userTokenInfo.elevatedToken, userToken)
+		currentProcess, _ := windows.GetCurrentProcess()
+		securityAttributes, err := getSecurityAttributes(windows.Token(currentProcess), userToken)
 		if err != nil {
-			log.Printf("Unable to extract security attributes from elevated token and combine them with SID from user token: %v", err)
+			log.Printf("Unable to extract security attributes from manager token and combine them with SID from user token: %v", err)
 			return
 		}
 		for {
-- 
cgit v1.2.3-59-g8ed1b