> ----------
From:
xxxxx@Seagate.com[SMTP:xxxxx@Seagate.com]
Reply To: xxxxx@lists.osr.com
Sent: Thursday, August 22, 2002 6:27 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] Re: Passing event notification from driver to
applicationIs it at least a valid approach to pass the *name* of the event from
user-mode to kernel mode? Or is there a security hole there, too, that
I’m
not seeing?
Maybe. Think about an evil application which send a name of event used by
another application or OS to kernel driver. For example some event which OS
uses for notification. Driver uses it incorrect way which could be misused
as security hole (don’t ask me for real example, don’t know). Note these
notification events can be only read by user mode app and kernel driver
could be misused this way to change their state.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]