I'm just writing some code that enables the SeDebug privilege in Windows, using AdjustTokenPrivileges. The token came from OpenProcessToken; OpenThreadToken only returns a token if impersonating.
A couple of things occur to me:
- What's the scope of the token? Is it per-process, or per-thread? If I enable a privilege, is that privilege enabled for just this thread, or for the entire process (or for the entire session)?
- If the scope is wider than just the thread, how do I avoid race conditions when enabling or disabling it?