Re: Passing event notification from driver to applica tion

“Michal Vodicka” wrote in message
news:xxxxx@ntdev…
>
> I always believed you don’t need admin rights to open event for
SYNCHRONIZE
> access. Is it correct?
>

Never tried it for an event… it’d make for a quick and interesting
experiment, though.

> If so, isn’t it enough? Why would app need to modify
> event state?
>

Depends on what you’re using the event for, I guess…

> If it is possible and driver is dependent on this state, it
> seems as security hole because any app could change event state and
control
> driver.
>

It’s wouldn’t be a security hole… it’d be by design. As I said in a
(torturously long and boring) previous post, named events are global to the
system. You can change the SD on the event (using various documented and
undocumented functions) thereby restricting access, but that’s only going to
go so far (the finest level of granularity being the SID).

Yes, I agree that signalling in only 1 direction would be secure – it
shifts the security problem to focus on the whatever’s being signalled (does
the event being set mean that data’s available in a shared buffer? Can that
buffer be accessed from another process?).

The whole issue makes “hanging IOCTLs” look attractive, doesn’t it. Then
again, even with that method, one has to be sure one is actually talking to
the right process. That probably means protecting a device object with an
SD. Which means that granularity is the SID, again.

Peter
OSR