>
The reason is that the Win32 process init requires the open of the LPC
port to connect to CSRSS, and this in turn requires Bypass Traverse Checking
(at least in multi-desktop setups like XP’s Fast User Switching).
Hmmm interesting one never thought of it actually.
Btw thank you and Skywing for the fast reply, that was actually the pbem,
not adjusting/enabling token in caller thread.
With respect,
Gabriel Bercea
GaMiTech Software Development
Mobile contact: (+40)0740049634
eMail: xxxxx@gmail.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Wednesday, March 25, 2009 12:50 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] SE_LOAD_DRIVER_PRIVILEGE and SeSinglePrivilegeCheck
Also:
please never ever use the DisableAllPrivileges feature of
AdjustTokenPrivileges.
It disables some Win32-mandatory privileges, without which the Win32
code cannot work, namely the “Bypass Traverse Checking” privilege.
We once had a product which contained an API DLL to talk to the kernel
part (CreateFile+DeviceIoControl, and AdjustTokenPrivileges around
CreateFile), and a shell extension DLL which called the API DLL.
When AdjustTokenPrivileges in the API DLL (called by the shell ext DLL)
was doing DisableAllPrivileges, this disabled the Bypass Traverse Checking
privilege for Explorer.exe itself, which resulted in Explorer being not able
to start any processes (while CMD.EXE was still able of this OK).
The reason is that the Win32 process init requires the open of the LPC
port to connect to CSRSS, and this in turn requires Bypass Traverse Checking
(at least in multi-desktop setups like XP’s Fast User Switching).
–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer