Full Disclosure mailing list archives
Re: RE: UPDATE! Jamming communication [COM] ports in windows...
From: Jean-Baptiste Marchand <Jean-Baptiste.Marchand () hsc fr>
Date: Sat, 4 Oct 2003 14:32:08 +0200
* Rainer Gerhards <rgerhards () hq adiscon com> [23/09/03 - 19:01]:
Yes, that's the point. /dev/xxx in *nix is not an issue - there are permissions. I have done a quick search, but I think there is no easy way to place ACLs on devices in Windows. I hope I am wrong. Does somebody know how to do this?
You're right, it is not really easy for a driver to set {D,S}ACLs on device objects. The problem was described back in 1998 in the following article: http://www.sysinternals.com/ntw2k/info/devsec.shtml In recent versions of the DDK a new function, IoCreateDeviceSecure(), can be used to set the security decriptor on device objects created by a driver: http://www.osr.com/ddk/kmarch/k104_1ycy.htm Device objects security is discussed in the following DDK entry: http://www.osr.com/ddk/kmarch/devobjts_07tz.htm One of the 2002 issues of the NT Insider publication discussed the IoCreateDeviceSecure() DDI (you will have to register on osronline.com to read that article): http://www.osronline.com/article.cfm?id=105 There is also another article discussing the IoValidateDeviceIoControlAccess() DDI, only supported in recent Windows systems: http://www.osronline.com/article.cfm?id=144 I know at least one well-known Windows driver that creates its device objects with loose security permissions, which can lead to security problems... Hope this helps, Jean-Baptiste Marchand -- Jean-Baptiste.Marchand () hsc fr HSC - http://www.hsc.fr/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: UPDATE! Jamming communication [COM] ports in windows... Jean-Baptiste Marchand (Oct 04)