Re: [ros-dev] [ros-diffs] 02/08: [NTOSKRNL] Forbid processes without the Tcb prvilege to perform a user-mode hard-error BSOD.

Is there a point to this blatant behavior change?

Best regards, Alex Ionescu

On Sun, Apr 1, 2018 at 3:04 PM, Hermès Bélusca-Maïto < hermes.belusca-maito@reactos.org> wrote:

https://git.reactos.org/?p=reactos.git;a=commitdiff;h= f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3

commit f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3 Author: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org AuthorDate: Sun Apr 1 14:46:19 2018 +0200 Commit: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org CommitDate: Sun Apr 1 22:39:31 2018 +0200

[NTOSKRNL] Forbid processes without the Tcb prvilege to perform a

user-mode hard-error BSOD.

ntoskrnl/ex/harderr.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/ntoskrnl/ex/harderr.c b/ntoskrnl/ex/harderr.c index 84f409a1bb..a5200e3e74 100644 --- a/ntoskrnl/ex/harderr.c +++ b/ntoskrnl/ex/harderr.c @@ -132,8 +132,18 @@ ExpRaiseHardError(IN NTSTATUS ErrorStatus, /* Check if this error will shutdown the system */ if (ValidResponseOptions == OptionShutdownSystem) {

•    /* Check for privilege */
  

•    if (!SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode))
  

•    /*
  

•     * Check if we have the privileges.
  

•     *
  

•     * NOTE: In addition to the Shutdown privilege we also check
  

whether

•     * the caller has the Tcb privilege. The purpose is to allow only
  

•     * SYSTEM processes to "shutdown" the system on hard errors (BSOD)
  

•     * while forbidding regular processes to do so. This behaviour
  

differs

•     * from Windows, where any user-mode process, as soon as it has
  

the

•     * Shutdown privilege, can trigger a hard-error BSOD.
  

•     */
  

•    if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode) ||
  

•        !SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode))
     {
         /* No rights */
         *Response = ResponseNotHandled;