Well, the title summarizes my question, but I will elaborate. I have always thought that any process running with no admin rights shouldn't be able to access the memory space of any other process, and of course shouldn't be able to halt its execution.
However, with Visual Studio running under a non-privileged account, I am able to attach to some processes running under the same account and debug them. Why is this possible? Shouldn't the operating system prevent this?
Thanks in advance and cheers
To access, say, the memory space of another process, we need to open the process with PROCESS_VM_READ|PROCESS_VM_OPERATION|PROCESS_VM_WRITE. For this it is not mandatory to have SE_DEBUG_PRIVILEGE.
- If the process is running in the same session as the debugger and has the same token, usually its security descriptor (DACL) lets this debugger open it. This is absolutely expected. So the question here is: can we open the process with full access for debugging? If this is a "peer" process (running under the same user, with the same privileges), why not? And from the DebugActiveProcess function
And a remark from yourself: except protected processes, unless your debugger, when it called DebugActiveProcess, is also a protected process (with no lower level of protection) (yes, it is possible to debug protected processes too).
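
As an added illustration of the answer above (not code from the post or from Windows itself), here is a simplified Python model of the DACL check made when a process is opened; it ignores integrity levels and protected processes. The user SIDs and the DACL layout are constructed sample values, `open_process` and `default_dacl` are hypothetical names, and the access-right constants are the real Windows SDK values.

```python
# Simplified model of the DACL check done when a process handle is requested.
# Assumptions: constructed user SIDs and DACLs; no integrity levels or PPL.
from dataclasses import dataclass

# Process access rights as defined in winnt.h.
PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE = 0x0008, 0x0010, 0x0020
PROCESS_ALL_ACCESS = 0x1FFFFF
VM_RW = PROCESS_VM_READ | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

ALICE, BOB = "S-1-5-21-1-1001", "S-1-5-21-1-1002"  # constructed user SIDs
SYSTEM = "S-1-5-18"                                # well-known LocalSystem SID

@dataclass
class Token:
    user: str
    groups: frozenset = frozenset()
    debug_privilege: bool = False  # SeDebugPrivilege enabled in this token

@dataclass
class Ace:
    allow: bool
    sid: str
    mask: int

def default_dacl(owner):
    """Constructed DACL: full access for the creating user and SYSTEM."""
    return [Ace(True, owner, PROCESS_ALL_ACCESS),
            Ace(True, SYSTEM, PROCESS_ALL_ACCESS)]

def open_process(token, dacl, desired):
    """Return True if the requested access mask would be granted."""
    if token.debug_privilege:
        return True  # the privilege bypasses the target's DACL
    sids = {token.user} | set(token.groups)
    granted = 0
    for ace in dacl:  # ACEs are evaluated in order
        if ace.sid not in sids:
            continue
        if not ace.allow and ace.mask & desired & ~granted:
            return False  # deny ACE covers a requested, not yet granted bit
        if ace.allow:
            granted |= ace.mask
        if granted & desired == desired:
            return True
    return False  # some requested bits were never granted
```

In this model a same-user debugger gets `PROCESS_ALL_ACCESS` purely from the DACL, while a different user needs the privilege to get past it.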