A customer had a simple question: "Is it wrong to call SHFileOperation from a service?"

I don't know if I'd call it wrong, but I'd call it highly inadvisable.
SHFileOperation was designed for interactive operations, so you're using it outside its original design parameters.

- Many shell extensions ignore "no UI" flags and put up UI anyway. As a result, your call to SHFileOperation may end up getting stuck on unexpected UI. Now you have a service displaying UI, and that's just asking for trouble.
- The shell for the most part does not expect to be called while impersonating. There are a few functions specifically designed for use while impersonating; those exceptions are called out explicitly in their respective documentation. SHFileOperation is not one of those functions.
- Since SHFileOperation uses the shell namespace, you are at risk of loading shell extensions into a service. Shell extensions typically are not written with the strict security requirements of a service in mind, and you may end up creating a security hole. Somebody could plant a desktop.ini into a directory your service operates on, and now your service has been tricked into loading a shell namespace extension. The bad guys are constantly searching for buggy shell extensions that they can use as an attack point. And if they can get into a service, well, then they just hit the jackpot!
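
To see how exposed a service's working directories are to the planted desktop.ini described above, the following audit walks a tree and reports every desktop.ini whose [.ShellClassInfo] section names a CLSID. It is an added example, not code from the original post; the function names are hypothetical, the rule "any key containing CLSID is worth review" is an assumption, and the sample files use a constructed all-zero placeholder CLSID.

```python
import os
import tempfile

def decode_ini(raw: bytes) -> str:
    """desktop.ini is commonly UTF-16 with a BOM or a legacy ANSI code page."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig", errors="replace")
    return raw.decode("latin-1")

def clsid_entries(text: str) -> list:
    """Return (key, value) pairs from [.ShellClassInfo] whose key names a CLSID."""
    hits, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == ".shellclassinfo" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if "clsid" in key.lower():  # assumption: any CLSID-style key merits review
                hits.append((key.strip(), value.strip()))
    return hits

def audit_tree(root: str) -> dict:
    """Map each desktop.ini under root that references a CLSID to its entries."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "desktop.ini":
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    hits = clsid_entries(decode_ini(fh.read()))
                if hits:
                    findings[path] = hits
    return findings

def demo() -> dict:
    """Build a constructed tree: one cosmetic desktop.ini, one with a placeholder CLSID."""
    root = tempfile.mkdtemp()
    samples = {
        "benign": "[.ShellClassInfo]\r\nIconResource=folder.ico,0\r\n",
        "flagged": "[.ShellClassInfo]\r\nCLSID={00000000-0000-0000-0000-000000000000}\r\n",
    }
    for sub, body in samples.items():
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "desktop.ini"), "wb") as fh:
            fh.write(body.encode("utf-16"))  # written with a BOM, as Explorer often does
    return {os.path.relpath(p, root): h for p, h in audit_tree(root).items()}

if __name__ == "__main__":
    print(demo())
```

A clean result only covers the desktop.ini vector; the unexpected-UI and impersonation problems listed above still apply to any SHFileOperation call made from a service.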