Well, we don't need to be jailbroken, so we can be secure. ;)
Let's fix it, blog about it, and get someone to publish something along
the lines of "Open Source Windows clone more secure than Windows --
ReactOS developers fixed vulnerability, but Microsoft's response to the
same issue still outstanding"
Everyone wins :D
On 2015-02-09 19:37, Alex Ionescu wrote:
This would be the win32k 0 day that's been blogged and unfixed in Windows
for over 4 years now, and which allows the Surface RT to be jailbroken. You
really want to fix this? :( What about hackcompat?!
Best regards,
Alex Ionescu
On Sun, Feb 8, 2015 at 12:37 AM, Thomas Faber <thomas.faber(a)reactos.org>
wrote:
> On 2015-02-07 16:26, hbelusca(a)svn.reactos.org wrote:
>> @@ -792,24 +791,54 @@
>> case UserThreadInitiateShutdown:
>> {
>> ERR("Shutdown initiated\n");
>> - STUB;
>> - Status = STATUS_NOT_IMPLEMENTED;
>> +
>> + if (ThreadInformationLength != sizeof(ULONG))
>> + {
>> + Status = STATUS_INFO_LENGTH_MISMATCH;
>> + break;
>> + }
>> +
>> + Status = UserInitiateShutdown(Thread,
> (PULONG)ThreadInformation);
>> break;
>> }
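Review bot: In the UserThreadInitiateShutdown case, the only validation before `UserInitiateShutdown(Thread, (PULONG)ThreadInformation)` is the `ThreadInformationLength != sizeof(ULONG)` check; nothing in this hunk probes ThreadInformation or wraps its use in SEH. If ThreadInformation is a caller-supplied user-mode pointer, an invalid or kernel-range address would be dereferenced as a raw PULONG unless the callee guards it itself. Suggest probing the buffer and copying the ULONG into a local inside an SEH block, passing the local's address to UserInitiateShutdown, and writing any returned value back to the caller's buffer under SEH as well.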
>
> This looks like, contrary to the other cases, ThreadInformation is
> neither probed nor accessed inside SEH here?