…unless the DLL file will have admin-only or LocalSystem-only ACL
“Doron Holan” wrote in message news:xxxxx@ntdev…
Squatting on a sym link can’t be done from a low priv process. A low priv process running as guest can just load tge dll and mess with it.
d
Bent from my phone
------------------------------------------------------------------------------
From: Marion Bond
Sent: ?12/?4/?2014 4:24 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: [ntdev] Re: [ntdev] One instance of UMDF device
Agreed - but how is it any different from someone squatting on / unmapping your symlink
None of this is going to protect you from a targeted attack, but will work under normal circumstances and against casual attempts to bypass
Sent from Surface Pro
From: Doron Holan
Sent: ?Wednesday?, ?December? ?03?, ?2014 ?10?:?03? ?PM
To: Windows System Software Devs Interest List
A shared section is a security boundary issue. Any low level process can loadlibrary the dll and then manipulate the shared value, affecting the actual umdf process when it is loaded afterwards
d
Bent from my phone
------------------------------------------------------------------------------
From: Marion Bond
Sent: ?12/?3/?2014 3:54 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: [ntdev] One instance of UMDF device
With the caveat that I have never programmed UMDF my understanding is that they are just a UM DLL so a variable in a shared section should work as a global right?
Sent from Surface Pro
From: xxxxx@osr.com
Sent: ?Wednesday?, ?December? ?03?, ?2014 ?5?:?05? ?PM
To: Windows System Software Devs Interest List
Thanks again, Mr. Wieland.
Might I suggest a doc bug to note under WdfDriverCreate that specifying a Context area for a WDFDRIVER Object with UMDF 2 might not act as expected?
In fact, would it not make sense to actually PREVENT folks from specifying a Context area for a WDFDRIVER (logging something to the log and returning an error to WdfDriverCreate), to avoid what is certainly a difficult to understand problem that’s unique to UMDF? That really would be an insidious problem to find.
Peter
OSR
@OSRDrivers
—
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer