Writing Secure Code: Practical Strategies and Proven Techniques for Building Secure Applications in a Networked World (Developer Best Practices)
The simplest way would be to have your service create the shared memory and specify a DACL in CreateFileMapping that grants regular users read access to the shared memory.
Normal users don't have the create global privilege, but services can have this privilege. If you must have your users create the shared memory and then have the service probe it, you could have an IPC scheme where your user code sends a message to the service containing the file mapping handle, and the service would then call DuplicateHandle to get a reference to it. This would require your service to run with the debug privilege.
The simplest way to create a DACL is to use ConvertStringSecurityDescriptorToSecurityDescriptor, which takes a string in a format called SDDL specifying the ACL.
Writing Secure Code contains an excellent chapter on creating DACL's with SDDL.
// Error handling removed for brevity
attributes.nLength = sizeof(attributes);
PAGE_READWRITE, sizeHigh, sizeLow, L"Global\\MyObject");
"D:P(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GR;;;IU)" specifies the DACL. D:P means this is a DACL (instead of a SACL . . . you'd rarely use SACL's) followed by several ACE strings which control who gets access. Each one is A (allow) and allows for object and contains inheritance (OICI). The first to grant all access (GA - grant all) to System (SY) and Administrators (BA, built-in administratos). The last grants read (GR) to interactive users (IU), which are users actually logged on to a session.
Once this is done, normal users should be able to call OpenFileMapping to get a handle to the shared mapping, and be able to map it into their process. Since normal users have limited rights on the object, they'll have to be sure to open it and map it for read-access only.
If users need write-acccess, you'd replace GR with GWGR. Note that this isn't secure - a limited user would then be able to modify the shared memory while your service is reading and trying to parse information, resulting in a crash of your service.
Check out Writing Secure Code by Michael Howard and David LeBlanc from Microsoft Press. It's got a lot of good information on secure coding in general as well as a chapter or two specific to web programming. It's a Microsoft book but most of the ideas translate to whatever language you are working in.
Link to Amazon.
Principles to keep in mind if you want your applications to be secure:
There are some excellent books and articles online about making your applications secure:
Train your developers on application security best pratices
Security Compass (paid)
OWASP WebGoat (free)
Many resources are available, some in question are: