Full Disclosure mailing list archives

Re: RE: UPDATE! Jamming communication [COM] ports in windows...


From: Jean-Baptiste Marchand <Jean-Baptiste.Marchand () hsc fr>
Date: Sat, 4 Oct 2003 14:32:08 +0200

* Rainer Gerhards <rgerhards () hq adiscon com> [23/09/03 - 19:01]:

> Yes, that's the point. /dev/xxx in *nix is not an issue - there are
> permissions. I have done a quick search, but I think there is no easy
> way to place ACLs on devices in Windows. I hope I am wrong. Does
> somebody know how to do this?

You're right, it is not really easy for a driver to set {D,S}ACLs on
device objects.

The problem was described back in 1998 in the following article:

http://www.sysinternals.com/ntw2k/info/devsec.shtml

In recent versions of the DDK a new function, IoCreateDeviceSecure(),
can be used to set the security descriptor on device objects created by a
driver:

http://www.osr.com/ddk/kmarch/k104_1ycy.htm

Device objects security is discussed in the following DDK entry:

http://www.osr.com/ddk/kmarch/devobjts_07tz.htm

One of the 2002 issues of the NT Insider publication discussed the
IoCreateDeviceSecure() DDI (you will have to register on osronline.com
to read that article):

http://www.osronline.com/article.cfm?id=105

There is also another article discussing the
IoValidateDeviceIoControlAccess() DDI, only supported in recent Windows
systems:

http://www.osronline.com/article.cfm?id=144

I know at least one well-known Windows driver that creates its device
objects with loose security permissions, which can lead to security
problems...

Hope this helps,

Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand () hsc fr
HSC - http://www.hsc.fr/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
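
Added example (not part of the original message, and not code from any driver or from the DDK): a Python sketch that parses the DACL of an SDDL string, the form in which IoCreateDeviceSecure() takes a device object's default security descriptor, and lists the allow ACEs that give a broad group write-type access. The function names, the sample strings and the choice of which trustees and rights count as loose are assumptions made for illustration.

```python
import re

# Standard SDDL access-right codes mapped to access-mask bits.
RIGHTS = {
    "GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
    "RC": 0x00020000, "SD": 0x00010000, "WD": 0x00040000, "WO": 0x00080000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
}
# Assumed review policy: generic all/write, WRITE_DAC, WRITE_OWNER,
# FILE_WRITE_DATA and FILE_APPEND_DATA count as write-type access.
WRITE_BITS = 0x10000000 | 0x40000000 | 0x00040000 | 0x00080000 | 0x2 | 0x4
# Assumed broad trustees: Everyone, Authenticated Users, Users, Anonymous, Guests.
BROAD_SIDS = {"WD", "S-1-1-0", "AU", "BU", "AN", "BG"}

def rights_mask(rights):
    """Turn an SDDL rights field ('GRGWGX' or '0x1201bf') into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]  # unknown codes raise KeyError on purpose
    return mask

def loose_aces(sddl):
    """Return (trustee, rights) for each allow ACE that needs a second look."""
    m = re.search(r"D:([A-Z_]*)((?:\([^()]*\))*)", sddl)
    if m is None:
        raise ValueError("no DACL found in SDDL string")
    if m.group(1) == "NO_ACCESS_CONTROL":  # NULL DACL: everyone gets full access
        return [("*", "NO_ACCESS_CONTROL")]
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", m.group(2)):
        fields = ace.split(";")
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        # Only allow ACEs are inspected; deny ACEs and ACE order are not evaluated.
        if ace_type == "A" and sid in BROAD_SIDS and rights_mask(rights) & WRITE_BITS:
            findings.append((sid, rights))
    return findings

if __name__ == "__main__":
    samples = {  # constructed sample strings, not taken from a real driver
        "admin-only": "D:P(A;;GA;;;SY)(A;;GA;;;BA)",
        "world-rwx": "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGWGX;;;WD)",
        "world-read": "D:P(A;;GA;;;SY)(A;;GR;;;WD)",
    }
    for name, sddl in samples.items():
        print(name, loose_aces(sddl))
```

A finding is a prompt for review rather than a verdict: some devices are meant to be opened by ordinary users.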

