RtlValidSecurityDescriptor failure on Win7

The user mode code is passing a self-relative SD to my driver. The
driver will check the validity of the SD using
RtlValidSecurityDescriptor API before using it.

This works fine before Win7. RtlValidSecurityDescriptor fails (i.e.
says the SD is not valid) on Win7 for any SD that I pass to it…
Anyone have a clue what’s going on?


Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.

Well, well… this API on Win7 only handles absolute SDs (unlike
previous versions of Windows where it also supported self-relative ones).
The solution is to use RtlValidRelativeSecurityDescriptor API instead.
(strange I didn’t notice it before…)

Dejan.


Hey Dejan

That’s indeed a useful tip - thanks - with a bit of luck I’ll remember :)

Yet, and perhaps this is philosophical, there seems to be a bit of a
chicken-egg thing here. I want to know if this piece of address space,
proposed to contain a security descriptor, in fact contains a valid security
descriptor. To do so, I need to determine first whether or not the proposed
security descriptor is self relative. So this raises the question whether I
can first validly determine whether or not this piece of address space
contains a self relative security descriptor …

Cheers, Lyndon

Try both APIs ;)


Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
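
On the chicken-and-egg question raised in the thread, the following added example (not from any poster and not the Windows implementation) shows the order of checks for an untrusted buffer: confirm the fixed 20-byte header fits, only then read the Control field for SE_SELF_RELATIVE, then bounds-check each offset against the buffer length. The helper names and the sample bytes are constructed for illustration; in a driver the call to make is RtlValidRelativeSecurityDescriptor with the caller-supplied length.

```c
#include <stdint.h>
#include <stddef.h>

#define SE_SELF_RELATIVE 0x8000u  /* Control bit: fields are offsets, not pointers */
#define SD_HEADER_LEN    20u      /* Revision, Sbz1, Control, 4 x 32-bit offsets */

/* Little-endian reads from an untrusted buffer. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6) SubAuthority[n](4 each). */
static int sid_ok(const uint8_t *buf, size_t len, uint32_t off) {
    if (off == 0) return 1;                            /* field absent */
    if (off < SD_HEADER_LEN || off > len || len - off < 8) return 0;
    if (buf[off] != 1 || buf[off + 1] > 15) return 0;  /* SID_REVISION, max sub-authorities */
    return len - off >= 8u + 4u * buf[off + 1];
}

/* ACL header: AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2); ACEs are not walked here. */
static int acl_ok(const uint8_t *buf, size_t len, uint32_t off) {
    if (off == 0) return 1;
    if (off < SD_HEADER_LEN || off > len || len - off < 8) return 0;
    uint16_t size = rd16(buf + off + 2);
    return size >= 8 && size <= len - off;
}

/* Returns 1 if buf[0..len) is a structurally sound self-relative SD, else 0. */
int sd_relative_ok(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < SD_HEADER_LEN) return 0;  /* header must fit first */
    if (buf[0] != 1) return 0;                         /* SECURITY_DESCRIPTOR_REVISION */
    if (!(rd16(buf + 2) & SE_SELF_RELATIVE)) return 0; /* absolute form: reject */
    return sid_ok(buf, len, rd32(buf + 4))  && sid_ok(buf, len, rd32(buf + 8)) &&
           acl_ok(buf, len, rd32(buf + 12)) && acl_ok(buf, len, rd32(buf + 16));
}

/* Constructed sample: owner SID S-1-5-18 at offset 20, no group, SACL or DACL. */
static const uint8_t SAMPLE_SD[32] = {
    1, 0, 0x00, 0x80,  20, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,
    1, 1, 0, 0, 0, 0, 0, 5,  18, 0, 0, 0
};

int main(void) { return sd_relative_ok(SAMPLE_SD, sizeof SAMPLE_SD) ? 0 : 1; }
```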