Bugtraq mailing list archives
Re: Crashing NT with Native Calls
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Mon, 28 Sep 1998 08:19:40 -0400
At 06:19 PM 9/25/98 +0200, Gigi Mori wrote:
> The bug resides in TCPIP.SYS InternalIoControl dispatch routine which
> lacks a check on current IRQ level before processing the query
> information request.

I think you mean IRQL, which is a little different. At any rate, this one isn't too surprising - any time you start dealing directly with drivers, you're dealing with performance-oriented, trusted code. It is likely that all of the other code that calls into this sets the IRQL before going in. The trade-off to fix all of this is that, of course, adding checks all over the place for IRQL level, etc. will incur a performance penalty.

There are some interesting security implications in terms of who can do what to device drivers - see http://www.sysinternals.com/devsec.htm for a good article on this. An excerpt:

"The vast majority of device objects created have the following permissions: Everyone:Read/Write (R/W) (the Everyone built-in Security Identifier - SID - is also known as the World SID), System:Full Access, and Administrator:Full Access."

IMHO, it would be really nice to have documented APIs implemented in user mode for all of the command line apps - for example, nbtstat would be nice to be able to call from inside an app. Obviously what you're doing here is trying to do the same thing as netstat from inside an app.

David LeBlanc
dleblanc () mindspring com
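A way to check the "Everyone:Read/Write" point from the devsec excerpt on a real system, as an added example that is not part of this post or of the sysinternals article: the portable core below walks a DACL in order and reports whether the World SID (S-1-1-0) ends up with any write right, and the Windows-only part reads the actual DACL of a device such as \\.\Tcp through GetSecurityInfo and feeds it to that core. The device name, the 64-ACE cap and the single-SID walk (it only considers S-1-1-0, not a caller's full token) are simplifying assumptions of this example; on a non-Windows build main runs the core over a constructed DACL shaped like the one the excerpt describes.

```c
/* Added example: audit a device object's DACL for World (Everyone) write access.
 * Portable core plus a Windows-only reader for a real device's DACL. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define ACE_ALLOW 0   /* same value as ACCESS_ALLOWED_ACE_TYPE */
#define ACE_DENY  1   /* same value as ACCESS_DENIED_ACE_TYPE  */

/* Access-mask bits (values from winnt.h) that let a caller write to or
 * control a device. Any of these held by Everyone is what the excerpt
 * calls "Everyone:Read/Write". */
#define FILE_WRITE_DATA_BIT 0x00000002u
#define GENERIC_WRITE_BIT   0x40000000u
#define GENERIC_ALL_BIT     0x10000000u
#define WRITE_BITS (FILE_WRITE_DATA_BIT | GENERIC_WRITE_BIT | GENERIC_ALL_BIT)

#define WORLD_SID "S-1-1-0"

typedef struct {
    int         type;  /* ACE_ALLOW or ACE_DENY */
    const char *sid;   /* SDDL string form, e.g. "S-1-1-0" */
    uint32_t    mask;  /* access mask */
} ace_t;

/* Walk the DACL in order for the World SID only (simplification: a real
 * access check uses every SID in the caller's token). A deny ACE for
 * S-1-1-0 removes its bits from anything a later allow ACE could grant;
 * an allow ACE for S-1-1-0 that still carries a write bit grants. */
int world_can_write(const ace_t *aces, size_t n)
{
    uint32_t denied = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(aces[i].sid, WORLD_SID) != 0)
            continue;
        if (aces[i].type == ACE_DENY) {
            denied |= aces[i].mask;
            continue;
        }
        if (aces[i].type == ACE_ALLOW && (aces[i].mask & WRITE_BITS & ~denied))
            return 1;
    }
    return 0;
}

#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#include <sddl.h>
#pragma comment(lib, "advapi32.lib")

/* Read the DACL of \\.\<name> and return 1 if Everyone can write, 0 if not,
 * -1 on error. READ_CONTROL is all that is needed to read the descriptor. */
int check_device(const char *name)
{
    char path[MAX_PATH];
    snprintf(path, sizeof path, "\\\\.\\%s", name);
    HANDLE h = CreateFileA(path, READ_CONTROL, FILE_SHARE_READ | FILE_SHARE_WRITE,
                           NULL, OPEN_EXISTING, 0, NULL);
    if (h == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "open %s failed: %lu\n", path, GetLastError());
        return -1;
    }
    PACL dacl = NULL;
    PSECURITY_DESCRIPTOR sd = NULL;
    DWORD rc = GetSecurityInfo(h, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
                               NULL, NULL, &dacl, NULL, &sd);
    CloseHandle(h);
    if (rc != ERROR_SUCCESS) {
        fprintf(stderr, "GetSecurityInfo failed: %lu\n", rc);
        return -1;
    }
    if (dacl == NULL) {           /* NULL DACL: the object grants everything */
        LocalFree(sd);
        return 1;
    }
    ace_t aces[64];               /* assumption: 64 ACEs is enough for a device */
    size_t n = 0;
    for (DWORD i = 0; i < dacl->AceCount && n < 64; i++) {
        ACCESS_ALLOWED_ACE *ace;  /* ACCESS_DENIED_ACE has the same layout */
        if (!GetAce(dacl, i, (LPVOID *)&ace))
            break;
        if (ace->Header.AceType != ACCESS_ALLOWED_ACE_TYPE &&
            ace->Header.AceType != ACCESS_DENIED_ACE_TYPE)
            continue;
        LPSTR sid = NULL;
        if (!ConvertSidToStringSidA((PSID)&ace->SidStart, &sid))
            continue;
        aces[n].type = (ace->Header.AceType == ACCESS_DENIED_ACE_TYPE) ? ACE_DENY : ACE_ALLOW;
        aces[n].sid  = sid;
        aces[n].mask = ace->Mask;
        n++;
    }
    int w = world_can_write(aces, n);
    for (size_t i = 0; i < n; i++)
        LocalFree((HLOCAL)aces[i].sid);
    LocalFree(sd);
    return w;
}
#endif

int main(int argc, char **argv)
{
#ifdef _WIN32
    const char *dev = argc > 1 ? argv[1] : "Tcp";   /* assumption: default device */
    int w = check_device(dev);
    if (w >= 0)
        printf("\\\\.\\%s: Everyone %s write\n", dev, w ? "CAN" : "cannot");
    return w < 0;
#else
    /* Constructed DACL shaped like the excerpt: Everyone R/W, SYSTEM and
     * Administrators full access. */
    const ace_t demo[] = {
        { ACE_ALLOW, "S-1-1-0",      0x00000001u | FILE_WRITE_DATA_BIT },
        { ACE_ALLOW, "S-1-5-18",     GENERIC_ALL_BIT },
        { ACE_ALLOW, "S-1-5-32-544", GENERIC_ALL_BIT },
    };
    (void)argc; (void)argv;
    printf("constructed DACL: Everyone %s write\n",
           world_can_write(demo, 3) ? "CAN" : "cannot");
    return 0;
#endif
}
```

Build on Windows with `cl devacl.c advapi32.lib` and run `devacl Tcp`; a device whose DACL allows only Everyone:Read, or has a deny ACE for Everyone ahead of the allow, reports "cannot". A NULL DACL is reported as writable on purpose, since it means no protection at all.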
Current thread:
- Crashing NT with Native Calls Luigi Mori (Sep 23)
- <Possible follow-ups>
- Re: Crashing NT with Native Calls David LeBlanc (Sep 28)