The approach I suggest for services and filters to identify each other
is to use built-in Windows security. The filter can read a security
descriptor from its registry key and apply it to the control device
object. By establishing access to the CDO so that a specific account
can access it (and not open to “Administrators” or other well know user
or group SIDs) and then having the service run under that same account,
you know when the CDO is opened it must be an authorized service.
This isn’t foolproof and it can be compromised by anyone who can
compromise the TCB, but it is another “layer” that must be identified
and penetrated in order to take advantage of your service (and that
significantly lowers the likelihood of attack on you). It is also
relatively easy to implement and provides significant protection with
relatively low effort - and low risk of “doing it wrong” because you
aren’t implementing new security policy (just using existing OS-provided
mechanism).
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Thursday, September 08, 2005 7:50 AM
To: ntfsd redirect
Subject: Re:[ntfsd] Suspent IRP, call User app, then proceed?
Actually, this is a pretty poor way. You should have a mechanism for
your
control application to identify itself to the filter. Then requests
from
the application are passed through. A boolean will not work, how do you
know if process A tries to access the file, then before the control app
gets
control, process B tries to access the file, with a boolean B gets
through,
and your control application blocks.
You need to be thinking about multiple accesses, and probably multiple
files
(unless things are very special purpose). Remember, that with dual core
8
way systems will become common here, and expect to see much cheaper 16
processor or more. If you don’t consider a high degree of concurrency
it
will bight you.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply
“Matt Martin” wrote in message
news:xxxxx@ntfsd…
I see that… How could I handle a second create for the same file
(somefile.exe)???
Would using a static Boolean value solve this problem?
1. The first IRP_Create sets a Boolean value to true and sends a message
to
the usermode app and waits.
2. The second IRP_Create is received for the certificate check(generated
by
user app); in a switch structure, based upon the Boolean value, the
second
irp is passed down to the next lower driver.
3. The Boolean value is cleared(reset), return status success.
Is there a more elegant way to handle the re-entry? Would the above
technique even work? Is there a way to prevent re-entry and still do the
same thing?
I intend for this driver to sit at the very top of the stack.
Naddav, sorry but I got a little confused in your response. I’ve re-read
it
several times, I think I need to re-read it several more times…
Thanks
though, perhaps once I get some sleep and can think a little more
clearly
and I’ll understand it fully.
Matt
----- Original Message -----
From: Ladislav Zezula
To: Windows File Systems Devs Interest List
Sent: Wednesday, September 07, 2005 8:30 AM
Subject: Re: [ntfsd] Suspent IRP, call User app, then proceed?
> In dispatch, signal the usermode application
> to do some validation for somefile.exe and wait for it till the
Don’t forget that you’ll get the create IRP for somefile.exe again,
when the usermode app will check the file. You must handle this
case correctly to prevent deadlock.
L.
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com