lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031004123208.GA15533@itesec.hsc.fr>
From: Jean-Baptiste.Marchand at hsc.fr (Jean-Baptiste Marchand)
Subject: RE: UPDATE! Jamming communication [COM] ports in windows...

* Rainer Gerhards <rgerhards@...adiscon.com> [23/09/03 - 19:01]:

> Yes, that's the point. /dev/xxx in *nix is not an issue - there are
> permissions. I have done a quick search, but I think there is no easy
> way to place ACLs on devices in Windows. I hope I am wrong. Does
> somebody know how to do this?

You're right, it is not really easy for a driver to set {D,S}ACLs on
device objects.

The problem was described back in 1998 in the following article:

http://www.sysinternals.com/ntw2k/info/devsec.shtml

In recent versions of the DDK a new function, IoCreateDeviceSecure(),
can be used to set the security decriptor on device objects created by a
driver:

http://www.osr.com/ddk/kmarch/k104_1ycy.htm

Device objects security is discussed in the following DDK entry:

http://www.osr.com/ddk/kmarch/devobjts_07tz.htm

One of the 2002 issues of the NT Insider publication discussed the
IoCreateDeviceSecure() DDI (you will have to register on osronline.com
to read that article):

http://www.osronline.com/article.cfm?id=105

There is also another article discussing the
IoValidateDeviceIoControlAccess() DDI, only supported in recent Windows
systems:

http://www.osronline.com/article.cfm?id=144

I know at least one well-known Windows driver that creates its device
objects with loose security permissions, which can lead to security
problems...

Hope this helps,

Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand@....fr
HSC - http://www.hsc.fr/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ