I’m trying to ccreate an FltMgr comm port with no access restraint (i.e.
the user need not be in Admin group).
RtlCreateSecurityDescriptor is supposed to create a no-DACL SD, which
should be sufficient, but instead it grants NO access to any user
(including Admin group).
Should I modify anything additionaly for the SD to allow access to FltMgr
ports?
–
Alfa File System Filtering components. Security, monitoring and encryption.
you need to use the following code:
status = FltBuildDefaultSecurityDescriptor( &sd, FLT_PORT_ALL_ACCESS );
if( NT_SUCCESS( status )) status = RtlSetDaclSecurityDescriptor( sd, TRUE,
NULL, FALSE );
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Thursday, September 09, 2010 6:54 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] No restraint security descriptor for FltMgr comm port
I’m trying to ccreate an FltMgr comm port with no access restraint (i.e.
the user need not be in Admin group).
RtlCreateSecurityDescriptor is supposed to create a no-DACL SD, which
should be sufficient, but instead it grants NO access to any user
(including Admin group).
Should I modify anything additionaly for the SD to allow access to FltMgr
ports?
–
Alfa File System Filtering components. Security, monitoring and encryption.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
OK that did it, thanks… still the question of why a simple RtlCreateSecurityDescriptor didn’t work remains…
Dejan.
Petr Kurtin wrote:
you need to use the following code:
status = FltBuildDefaultSecurityDescriptor( &sd, FLT_PORT_ALL_ACCESS );
if( NT_SUCCESS( status )) status = RtlSetDaclSecurityDescriptor( sd, TRUE,
NULL, FALSE );-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Thursday, September 09, 2010 6:54 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] No restraint security descriptor for FltMgr comm portI’m trying to ccreate an FltMgr comm port with no access restraint (i.e.
the user need not be in Admin group).
RtlCreateSecurityDescriptor is supposed to create a no-DACL SD, which
should be sufficient, but instead it grants NO access to any user
(including Admin group).
Should I modify anything additionaly for the SD to allow access to FltMgr
ports?–
Alfa File System Filtering components. Security, monitoring and encryption.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.