  • A blog about Microsoft Windows development, focused on kernel-mode driver development, the Windows DDK, WDK, and related tools.

    To elaborate on the copyright notice at the bottom: all content produced by me on this site is copyright and licensed as follows:

    This work is licensed under a Creative Commons License.

    Although I work for Positive Networks, this work is my own and is not connected with my employer in any way.

Kernel Mustard

Reflections on Windows System Programming
Steve Dispensa, MVP - Windows DDK

Who's Asking: Solution

Well, after all of this chasing of security issues around the internals of the OS, I guess it's finally time to reveal a way to handle this problem.

The key here is recognizing that the security context information must be valid somehow during the create path. No matter what else happens above, the create IRP that is passed into the target driver (a filesystem driver, for example) must have valid security information - how else would the filesystem driver know if the requestor has permission to, say, open the file?

Digging into the IO_STACK_LOCATION a bit, you'll find the SecurityContext member of the Create options in the big old parameters union. This is where we find the authoritative security context information present for the request. Programming an access check routine based on this information is still a little tricky, and requires a good understanding of the security model of the OS, but this is where to start.
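The idea above, as an added example (not the author's code and not WDK code): a user-mode C model in which the access check takes its subject from the create request's SecurityContext rather than from whichever thread happens to be running. The struct member names follow the WDK chain Parameters.Create.SecurityContext, AccessState and SubjectSecurityContext; TOKEN, ACE, MODEL_READ/MODEL_WRITE and both functions are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* User-mode stand-ins: member names mirror the WDK chain, but TOKEN, ACE,
   MODEL_* and the check itself are simplified models, not kernel code. */
typedef uint32_t ACCESS_MASK;
typedef struct { int UserId; } TOKEN;
typedef struct { const TOKEN *ClientToken, *PrimaryToken; } SECURITY_SUBJECT_CONTEXT;
typedef struct { SECURITY_SUBJECT_CONTEXT SubjectSecurityContext; } ACCESS_STATE;
typedef struct { ACCESS_STATE *AccessState; ACCESS_MASK DesiredAccess; } IO_SECURITY_CONTEXT;
typedef struct {
    struct { struct { IO_SECURITY_CONTEXT *SecurityContext; } Create; } Parameters;
} IO_STACK_LOCATION;
typedef struct { int UserId; ACCESS_MASK Allowed; } ACE;
enum { MODEL_READ = 0x1, MODEL_WRITE = 0x2 };

/* Grant only if every requested bit is allowed for the token's user. */
bool model_access_check(const TOKEN *tok, ACCESS_MASK desired,
                        const ACE *acl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (acl[i].UserId == tok->UserId)
            return (desired & ~acl[i].Allowed) == 0;
    return false; /* no matching entry: deny */
}

/* Check the subject captured with the create request; an impersonation
   (client) token takes precedence over the primary token. */
bool check_create_access(const IO_STACK_LOCATION *sp, const ACE *acl, size_t n)
{
    const IO_SECURITY_CONTEXT *sc = sp->Parameters.Create.SecurityContext;
    if (sc == NULL || sc->AccessState == NULL)
        return false; /* fail closed when no context is attached */
    const SECURITY_SUBJECT_CONTEXT *s = &sc->AccessState->SubjectSecurityContext;
    const TOKEN *tok = s->ClientToken ? s->ClientToken : s->PrimaryToken;
    return tok != NULL && model_access_check(tok, sc->DesiredAccess, acl, n);
}

/* Constructed scenario: user 1001 asks for write; a thread running as 18 services it. */
int main(void)
{
    TOKEN user = { 1001 }, worker = { 18 };
    ACE acl[] = { { 1001, MODEL_READ }, { 18, MODEL_READ | MODEL_WRITE } };
    ACCESS_STATE as = { { NULL, &user } };
    IO_SECURITY_CONTEXT sc = { &as, MODEL_WRITE };
    IO_STACK_LOCATION sp = { { { &sc } } };
    /* Checking the servicing thread grants; checking the captured subject denies. */
    return (model_access_check(&worker, MODEL_WRITE, acl, 2) && !check_create_access(&sp, acl, 2)) ? 0 : 1;
}
```

In a driver the comparison itself is done by the kernel's security routines; the model only shows which subject to hand them.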

I'd like to thank Ken Johnson, another Positive Networks coder, for lending a hand on this series of articles. This series has been fun for a few reasons - it's interesting getting to the bottom of the issues created by the asynchronous processing model of the OS, and it's an example of the principle that you should never be too sure that you know the right answer to a problem, regardless of how well your solution seems to work.

Happy hacking!

[now playing: Elephant, by the White Stripes]
