Export (0) Print
Expand All
COM
Expand Minimize

CoAllowUnmarshalerCLSID function

Adds an unmarshaler CLSID to the allowed list for the calling process only.

Syntax


HRESULT WINOLEAPI CoAllowUnmarshalerCLSID(
  _In_  REFCLSID clsid
);

Parameters

clsid [in]

The CLSID of the unmarshaler to be added to the per-process allowed list.

Return value

If this function succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.

Remarks

Don't call the CoAllowUnmarshalerCLSID function until after CoInitializeSecurity has been called in the current process.

The CoAllowUnmarshalerCLSID function provides more granular control over unmarshaling policy than is provided by the policy options. If the process applies any unmarshaling policy, the effect of the CoAllowUnmarshalerCLSID function is to make the policy comparatively weaker. For this reason, only call CoAllowUnmarshalerCLSID when the security impact is well understood. Usually, this is used to facilitate applying a stronger unmarshaling policy option for the broad attack surface reduction this provides, when a specific unmarshaler CLSID not allowed by that option is needed due to other constraints.

For example, it's appropriate to call the CoAllowUnmarshalerCLSID function when an unmarshaler is known or believed to have a vulnerability but is required by an app. Also, it's appropriate to call CoAllowUnmarshalerCLSID if the unmarshaler is used in multiple processes, but only as part of an uncommon feature. Don't use the CoAllowUnmarshalerCLSID function as a replacement for hardening the unmarshaler.

Windows Phone 8.1: This API is supported.

Requirements

Minimum supported client

Windows 8

Minimum supported server

Windows Server 2012

Header

Combaseapi.h

See also

IMarshalingStream
GLOBALOPT_UNMARSHALING_POLICY_VALUES

 

 

Community Additions

ADD
Show:
© 2014 Microsoft