It looks like someone wants to build a security package and they have read a
couple of books on Windows. Then he decides that the way to implement
security is to stop write access, some or all of the time. Then he first
wants to block it at the device driver for mass storage devices, including
floppies. Then he jumped to file system filters, then back. I am not even
sure what versions of the OS are being considered.
I found the threads very confusing and almost like what the pointy-haired
boss on Dilbert would say. Maybe it is just research for a cartoon strip or
joke book.
“Nick Ryan” wrote in message news:xxxxx@ntfsd…
>
> You keep changing your requirements on me. 
So basically you want the
> storage device to appear as read-only to the rest of the system. But
> isn’t this exactly the question you recently asked on the ntdev list
> (and got lots of good answers in response to)?
>
> - Nick Ryan
>
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of vincent gambit
> > Sent: Wednesday, June 25, 2003 10:08 AM
> > To: File Systems Developers
> > Subject: [ntfsd] RE: which type of filter?
> >
> >
> > hi,
> >
> > thanks for your reply.
> > Is a storage filter same as a disk filter?
> > If its the same, I have a problem.
> > I can’t block write to the storage device at IRP_MJ_WRITE.
> > Because if I do that, when user use Windows Explorer to
> > create file, the
> > filesystem will allow the user to create the file and the
> > file will be
> > showed created successfully. But when the actual writes
> > happen, it will
> > fail! This is not a neat thing to do as it will confuse the
> > user. So I try to block it by failing the
> > IOCTL_DISK_IS_WRITABLE during
> > startdevice, but this has another problem, which is I can’t
> > dynamically
> > change the status to the write but to reboot the system or
> > plug out and plug
> > in the device again. Which is again not neat.
> >
> > So is there a filter which will allow me to block write
> > access by filesystem
> > as well as using CreateFile to the PhysicalDevice and yet can
> > change the
> > block permission dynamically without reboot?
> >
> > Thank You!
> >
> > cheers,
> > vincent
> > >From: “Nick Ryan”
> > >Reply-To: “File Systems Developers”
> > >To: “File Systems Developers”
> > >Subject: [ntfsd] RE: which type of filter?
> > >Date: Tue, 24 Jun 2003 11:39:36 -0700
> > >
> > >In this case you would need a storage filter to fail opens on the
> > >storage device itself.
> > >
> > >- Nick Ryan
> > >
> > > > -----Original Message-----
> > > > From: xxxxx@lists.osr.com
> > > > [mailto:xxxxx@lists.osr.com] On Behalf Of
> > vincent gambit
> > > > Sent: Tuesday, June 24, 2003 3:23 AM
> > > > To: File Systems Developers
> > > > Subject: [ntfsd] RE: which type of filter?
> > > >
> > > >
> > > > hi,
> > > >
> > > > thanks for your reply.
> > > > does it block too for those application which use direct
> > access to
> > > > the device?
> > > > E.g. if the application use CreateFile to PhysicalDrvie1
> > > >
> > > > Thank You!
> > > >
> > > > cheers,
> > > > vincent
> > > >
> > > >
> > > > >From: “Nick Ryan”
> > > > >Reply-To: “File Systems Developers”
> > > > >To: “File Systems Developers”
> > > > >Subject: [ntfsd] RE: which type of filter?
> > > > >Date: Mon, 23 Jun 2003 22:19:22 -0700
> > > > >
> > > > >In that case, you can intercept mount requests like
> > you’d do in an
> > > > >ordinary filesystem filter (see the filespy sample), but
> > fail those
> > > > >requests for devices that you don’t want to see mounted. Use
> > > > >IoVolumeDeviceToDosName to determine what the drive letter
> > > > is for the
> > > > >storage device that is being mounted.
> > > > >
> > > > >- Nick Ryan
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: xxxxx@lists.osr.com
> > > > > > [mailto:xxxxx@lists.osr.com] On Behalf Of
> > > > vincent gambit
> > > > > > Sent: Monday, June 23, 2003 8:02 PM
> > > > > > To: File Systems Developers
> > > > > > Subject: [ntfsd] RE: which type of filter?
> > > > > >
> > > > > >
> > > > > > hi,
> > > > > >
> > > > > > i guess it will be option #2
> > > > > >
> > > > > > thank you
> > > > > >
> > > > > > cheers,
> > > > > > vincent
> > > > > >
> > > > > >
> > > > > > >From: “Nick Ryan”
> > > > > > >Reply-To: “File Systems Developers”
> > > > > > >To: “File Systems Developers”
> > > > > > >Subject: [ntfsd] RE: which type of filter?
> > > > > > >Date: Mon, 23 Jun 2003 19:16:42 -0700
> > > > > > >
> > > > > > >Do you want to:
> > > > > > >
> > > > > > >#1. Hide the drive letters from the user so he doesn’t see
> > > > > > them at all?
> > > > > > >#2. Let him see the drive letters, but prevent the
> > volumes from
> > > > > > >mounting? #3. Allow the volumes to mount, and let him
> > > > see files and
> > > > > > >directories, but prevent him from opening files?
> > > > > > >
> > > > > > >- Nick Ryan
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: xxxxx@lists.osr.com
> > > > > > > > [mailto:xxxxx@lists.osr.com] On Behalf Of
> > > > > > vincent gambit
> > > > > > > > Sent: Monday, June 23, 2003 6:38 PM
> > > > > > > > To: File Systems Developers
> > > > > > > > Subject: [ntfsd] RE: which type of filter?
> > > > > > > >
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I would like to block accesses. e.g. block all read/write
> > > > > > access or
> > > > > > > > write access to floppy, cdrom, or removable drives/media
> > > > > > except hard
> > > > > > > > disk 0.
> > > > > > > >
> > > > > > > > Thank You!
> > > > > > > >
> > > > > > > > cheers,
> > > > > > > > vincent
> > > > > > > >
> > > > > > > > >From: “Nick Ryan”
> > > > > > > > >Reply-To: “File Systems Developers”
> > > > > > > > >To: “File Systems Developers”
> > > > > > > > >Subject: [ntfsd] RE: which type of filter?
> > > > > > > > >Date: Mon, 23 Jun 2003 11:50:23 -0700
> > > > > > > > >
> > > > > > > > >Well, do you want to filter file accesses (e.g. “Read
> > > > > > 1000 bytes at
> > > > > > > > >offset 0 in file foo.txt”), or block accesses (e.g. "Read
> > > > > > > > 1000 blocks
> > > > > > > > >at offset 0 on partition 0 of hard disk 0)?
> > > > > > > > >
> > > > > > > > >- Nick Ryan
> > > > > > > > >
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: xxxxx@lists.osr.com
> > > > > > > > > > [mailto:xxxxx@lists.osr.com] On Behalf Of
> > > > > > > > vincent gambit
> > > > > > > > > > Sent: Monday, June 23, 2003 10:35 AM
> > > > > > > > > > To: File Systems Developers
> > > > > > > > > > Subject: [ntfsd] which type of filter?
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Hi,
> > > > > > > > > >
> > > > > > > > > > I am trying to have a upper filter driver
> > that is able
> > > > > > > > > > to
> > > > > > > > filter all
> > > > > > > > > > access to storage devices.
> > > > > > > > > > Is there a single point of filtering?
> > > > > > > > > > Be it a floppy drives, hard drives or removable
> > > > > > > > > > drives/media. For example, when the user
> > click or try to
> > > > > > > > > > access a: or c: or
> > > > > > > > > > d: or f:, I
> > > > > > > > > > will be able to filter the read and write access.
> > > > > > Should it be a
> > > > > > > > > > disk filter driver or a file system filter driver?
> > > > > > > > > >
> > > > > > > > > > Thank you in advance for your advice.
> > > > > > > > > >
> > > > > > > > > > cheers,
> > > > > > > > > > vincent
> > > > > > > > > >
> > > > > > > > > >
> > > > > >
> > _
> > > > > > > > > >
> > > > > > > > > > Download Norah Jones, Eminem and more!
> > > > > > > > > > http://www.msn.com.sg/ringtones/ at only S$36
> > > > including GST
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > —
> > > > > > > > > > You are currently subscribed to ntfsd as:
> > > > xxxxx@nryan.com To
> > > > > > > > > > unsubscribe send a blank email to
> > > > > > > > > > xxxxx@lists.osr.com
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >—
> > > > > > > > >You are currently subscribed to ntfsd as:
> > > > > > xxxxx@hotmail.com
> > > > > > > > >To unsubscribe send a blank email to
> > > > > > > > >xxxxx@lists.osr.com
> > > > > > > >
> > > > > > > >
> > > >
> > > > > > > > _
> > > > > > > > Get 10mb of inbox space with MSN Hotmail Extra Storage
> > > > > > > > http://join.msn.com/?pgmarket=en-sg
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > —
> > > > > > > > You are currently subscribed to ntfsd as:
> > xxxxx@nryan.com To
> > > > > > > > unsubscribe send a blank email to
> > > > > > > > xxxxx@lists.osr.com
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >—
> > > > > > >You are currently subscribed to ntfsd as:
> > > > xxxxx@hotmail.com
> > > > > > >To unsubscribe send a blank email to
> > > > > > >xxxxx@lists.osr.com
> > > > > >
> > > > > >
> >
> > > > > >
> > > > > > Keep track of Singapore stock prices.
> > http://www.msn.com.sg/money/
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > —
> > > > > > You are currently subscribed to ntfsd as: xxxxx@nryan.com To
> > > > > > unsubscribe send a blank email to
> > > > > > xxxxx@lists.osr.com
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > >—
> > > > >You are currently subscribed to ntfsd as:
> > xxxxx@hotmail.com
> > > > >To unsubscribe send a blank email to
> > > > >xxxxx@lists.osr.com
> > > >
> > > >
> > > > Get 10mb of inbox space with MSN Hotmail Extra Storage
> > > > http://join.msn.com/?pgmarket=en-sg at only S$36 including GST
> > > >
> > > >
> > > >
> > > > —
> > > > You are currently subscribed to ntfsd as: xxxxx@nryan.com To
> > > > unsubscribe send a blank email to xxxxx@lists.osr.com
> > > >
> > >
> > >
> > >
> > >—
> > >You are currently subscribed to ntfsd as: xxxxx@hotmail.com To
> > >unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> > _________________________________________________________________
> > Get 10mb of inbox space with MSN Hotmail Extra Storage
> > http://join.msn.com/?pgmarket=en-sg at only S$36 including GST
> >
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@nryan.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
>
>