So to be clear, while the kernel still has tons of incompatible code and
issues to barely run as a Win2003-compatible kernel, whenever there's an NT
design decision you disagree with, you're going to be rewriting the little
bit of code that _does work well_ to work contrary to how NT works? Did I
get that right?
Good luck.
Best regards,
Alex Ionescu
On Mon, Apr 2, 2018 at 6:48 AM, Hermès BÉLUSCA-MAÏTO <hermes.belusca(a)sfr.fr> wrote:
Yes, to only allow programs that REALLY REALLY REALLY
REALLY ….. need to
do so to trigger the hard-error “shutdown” BSOD from user-mode to do so,
and these programs would better be only those that run only in SYSTEM
rights, and more exactly these include CSRSS, WINLOGON and SMSS when
something very bad happens to them.
I would not appreciate, for example, that when I run a program under a
not-so privileged account (like, some random user account) that has just
the shutdown privilege to shut the computer down properly, that this
program suddenly “BSODS” my machine.
To these programs, I say “f$ck these!”
Regards,
Hermès
*From:* Ros-dev [mailto:ros-dev-bounces@reactos.org] *On behalf of* Alex Ionescu
*Sent:* Monday, April 2, 2018 04:20
*To:* ReactOS Development List; Hermès Bélusca-Maïto
*Cc:* Linda Wang
*Subject:* Re: [ros-dev] [ros-diffs] 02/08: [NTOSKRNL] Forbid processes without the Tcb privilege to perform a user-mode hard-error BSOD.
Is there a point to this blatant behavior change?
Best regards,
Alex Ionescu
On Sun, Apr 1, 2018 at 3:04 PM, Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org> wrote:
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3
commit f0729b30bb79d6f538cf2b9578ff8ebe7989f8d3
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Sun Apr 1 14:46:19 2018 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Sun Apr 1 22:39:31 2018 +0200
[NTOSKRNL] Forbid processes without the Tcb privilege to perform a user-mode hard-error BSOD.
---
ntoskrnl/ex/harderr.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/ntoskrnl/ex/harderr.c b/ntoskrnl/ex/harderr.c
index 84f409a1bb..a5200e3e74 100644
--- a/ntoskrnl/ex/harderr.c
+++ b/ntoskrnl/ex/harderr.c
@@ -132,8 +132,18 @@ ExpRaiseHardError(IN NTSTATUS ErrorStatus,
/* Check if this error will shutdown the system */
if (ValidResponseOptions == OptionShutdownSystem)
{
- /* Check for privilege */
- if (!SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode))
+ /*
+ * Check if we have the privileges.
+ *
+ * NOTE: In addition to the Shutdown privilege we also check
whether
+ * the caller has the Tcb privilege. The purpose is to allow only
+ * SYSTEM processes to "shutdown" the system on hard errors (BSOD)
+ * while forbidding regular processes to do so. This behaviour
differs
+ * from Windows, where any user-mode process, as soon as it has
the
+ * Shutdown privilege, can trigger a hard-error BSOD.
+ */
+ if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode) ||
+ !SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode))
{
/* No rights */
*Response = ResponseNotHandled;
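Review bot: the commit message states only what is forbidden, while the new in-code comment is where the rationale lives (restrict shutdown hard errors to SYSTEM processes, deliberately diverging from Windows, where the Shutdown privilege alone is enough); a deliberate departure from NT semantics that can change what existing programs may do should be called out in the commit message too, so it is discoverable from the log rather than only from reading harderr.c. On the logic: with `if (!SeSinglePrivilegeCheck(SeTcbPrivilege, PreviousMode) || !SeSinglePrivilegeCheck(SeShutdownPrivilege, PreviousMode))` the `||` short-circuits, so a caller without Tcb is refused before its Shutdown privilege is ever examined, and a caller holding Tcb but not Shutdown is still refused by the second check; both outcomes match the comment, but it is worth stating in the comment that both privileges are required rather than either, since "In addition to" could be read loosely. The kernel-mode path is unaffected because the checks are keyed on PreviousMode, which the hunk preserves.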
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev